epsilon | 0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EpsilonFruit.exe
Size

69.7MB
MD5

3b75fbd96388d92a64dc14d9aeea8235
SHA1

5e8ac216d79c651babaff716638433e0ec1e3b36
SHA256

0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149
SHA512

9294154deae66eb89c03dc4d5cd018025eaa3b943f4c193edd8216ae13acdf549ea0a5687da1ee39e51c3b8b8dde76f94b37da1186ce05bb5b359f5f2ff6f79e
SSDEEP

1572864:U45L3pDgGUo6tl3M4nqp9rLqDND6+wO+OfbQHe2G2hCN/h:7Dgx3Zq/rLfRO+HeXKCNh

Score

10^/10

epsilon evasion persistence spyware stealer

Malware Config

Signatures

Epsilon Stealer
Information stealer.
stealer epsilon

Enumerates VirtualBox registry keys 2 TTPs 5 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

EpsilonFruit.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService	EpsilonFruit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF	EpsilonFruit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo	EpsilonFruit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest	EpsilonFruit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse	EpsilonFruit.exe

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

EpsilonFruit.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__	EpsilonFruit.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	EpsilonFruit.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__	EpsilonFruit.exe

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

EpsilonFruit.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions EpsilonFruit.exe
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

EpsilonFruit.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools EpsilonFruit.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions	EpsilonFruit.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools	EpsilonFruit.exe

Checks BIOS information in registry 2 TTPs 3 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EpsilonFruit.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	EpsilonFruit.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	EpsilonFruit.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	EpsilonFruit.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EpsilonFruit.exeEpsilonFruit.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation	EpsilonFruit.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation	EpsilonFruit.exe

Executes dropped EXE 64 IoCs

Processes:

EpsilonFruit.exeEpsilonFruit.exeEpsilonFruit.exeEpsilonFruit.exeEpsilonFruit.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exescreenCapture_1.3.2.exe

pid	process
1664	EpsilonFruit.exe
5060	EpsilonFruit.exe
5104	EpsilonFruit.exe
1500	EpsilonFruit.exe
5056	EpsilonFruit.exe
2376	screenCapture_1.3.2.exe
1884	screenCapture_1.3.2.exe
3412	screenCapture_1.3.2.exe
4516	screenCapture_1.3.2.exe
1292	screenCapture_1.3.2.exe
4472	screenCapture_1.3.2.exe
3780	screenCapture_1.3.2.exe
2684	screenCapture_1.3.2.exe
4564	screenCapture_1.3.2.exe
968	screenCapture_1.3.2.exe
3384	screenCapture_1.3.2.exe
1544	screenCapture_1.3.2.exe
4756	screenCapture_1.3.2.exe
2992	screenCapture_1.3.2.exe
4728	screenCapture_1.3.2.exe
4456	screenCapture_1.3.2.exe
4956	screenCapture_1.3.2.exe
2844	screenCapture_1.3.2.exe
4200	screenCapture_1.3.2.exe
3284	screenCapture_1.3.2.exe
1444	screenCapture_1.3.2.exe
4916	screenCapture_1.3.2.exe
3556	screenCapture_1.3.2.exe
3588	screenCapture_1.3.2.exe
4320	screenCapture_1.3.2.exe
2584	screenCapture_1.3.2.exe
2008	screenCapture_1.3.2.exe
4068	screenCapture_1.3.2.exe
3384	screenCapture_1.3.2.exe
4992	screenCapture_1.3.2.exe
4072	screenCapture_1.3.2.exe
3584	screenCapture_1.3.2.exe
3880	screenCapture_1.3.2.exe
4456	screenCapture_1.3.2.exe
2928	screenCapture_1.3.2.exe
4452	screenCapture_1.3.2.exe
1976	screenCapture_1.3.2.exe
4068	screenCapture_1.3.2.exe
4756	screenCapture_1.3.2.exe
4372	screenCapture_1.3.2.exe
4656	screenCapture_1.3.2.exe
4640	screenCapture_1.3.2.exe
2984	screenCapture_1.3.2.exe
4816	screenCapture_1.3.2.exe
2924	screenCapture_1.3.2.exe
2376	screenCapture_1.3.2.exe
4400	screenCapture_1.3.2.exe
3012	screenCapture_1.3.2.exe
1504	screenCapture_1.3.2.exe
4192	screenCapture_1.3.2.exe
1384	screenCapture_1.3.2.exe
808	screenCapture_1.3.2.exe
1732	screenCapture_1.3.2.exe
4444	screenCapture_1.3.2.exe
4108	screenCapture_1.3.2.exe
3824	screenCapture_1.3.2.exe
4816	screenCapture_1.3.2.exe
1384	screenCapture_1.3.2.exe
3780	screenCapture_1.3.2.exe

Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

EpsilonFruit.exe

description ioc process

Key opened \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Wine EpsilonFruit.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Wine	EpsilonFruit.exe

Loads dropped DLL 15 IoCs

Processes:

EpsilonFruit.exeEpsilonFruit.exeEpsilonFruit.exeEpsilonFruit.exeEpsilonFruit.exeEpsilonFruit.exeEpsilonFruit.exe

pid	process
2348	EpsilonFruit.exe
2348	EpsilonFruit.exe
2348	EpsilonFruit.exe
1664	EpsilonFruit.exe
1664	EpsilonFruit.exe
1664	EpsilonFruit.exe
5060	EpsilonFruit.exe
5104	EpsilonFruit.exe
1500	EpsilonFruit.exe
5060	EpsilonFruit.exe
5060	EpsilonFruit.exe
5060	EpsilonFruit.exe
5056	EpsilonFruit.exe
1664	EpsilonFruit.exe
3792	EpsilonFruit.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsUpdater.exe"	reg.exe

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

27 ipinfo.io
28 ipinfo.io
Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs
Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery
T1082

Processes:

EpsilonFruit.exe

description ioc process

File opened (read-only) \??\VBoxMiniRdrDN EpsilonFruit.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Detects videocard installed 1 TTPs 1 IoCs
Uses WMIC.exe to determine videocard installed.

System Information Discovery
T1082

Processes:

WMIC.exe

pid process

2584 WMIC.exe
Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exe

pid process

3588 tasklist.exe
1960 tasklist.exe
Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

3384 taskkill.exe

flow	ioc
27	ipinfo.io
28	ipinfo.io

description	ioc	process
File opened (read-only)	\??\VBoxMiniRdrDN	EpsilonFruit.exe

pid	process
2584	WMIC.exe

pid	process
3588	tasklist.exe
1960	tasklist.exe

pid	process
3384	taskkill.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

EpsilonFruit.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	EpsilonFruit.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	EpsilonFruit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	EpsilonFruit.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

EpsilonFruit.exeEpsilonFruit.exeEpsilonFruit.exeEpsilonFruit.exe

pid	process
1664	EpsilonFruit.exe
1664	EpsilonFruit.exe
1500	EpsilonFruit.exe
1500	EpsilonFruit.exe
5104	EpsilonFruit.exe
5104	EpsilonFruit.exe
3792	EpsilonFruit.exe
3792	EpsilonFruit.exe
3792	EpsilonFruit.exe
3792	EpsilonFruit.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

EpsilonFruit.exeWMIC.exeAUDIODG.EXEEpsilonFruit.exetaskkill.exetasklist.exeWMIC.exe

description	pid	process
Token: SeSecurityPrivilege	2348	EpsilonFruit.exe
Token: SeIncreaseQuotaPrivilege	2008	WMIC.exe
Token: SeSecurityPrivilege	2008	WMIC.exe
Token: SeTakeOwnershipPrivilege	2008	WMIC.exe
Token: SeLoadDriverPrivilege	2008	WMIC.exe
Token: SeSystemProfilePrivilege	2008	WMIC.exe
Token: SeSystemtimePrivilege	2008	WMIC.exe
Token: SeProfSingleProcessPrivilege	2008	WMIC.exe
Token: SeIncBasePriorityPrivilege	2008	WMIC.exe
Token: SeCreatePagefilePrivilege	2008	WMIC.exe
Token: SeBackupPrivilege	2008	WMIC.exe
Token: SeRestorePrivilege	2008	WMIC.exe
Token: SeShutdownPrivilege	2008	WMIC.exe
Token: SeDebugPrivilege	2008	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2008	WMIC.exe
Token: SeRemoteShutdownPrivilege	2008	WMIC.exe
Token: SeUndockPrivilege	2008	WMIC.exe
Token: SeManageVolumePrivilege	2008	WMIC.exe
Token: 33	2008	WMIC.exe
Token: 34	2008	WMIC.exe
Token: 35	2008	WMIC.exe
Token: 36	2008	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2008	WMIC.exe
Token: SeSecurityPrivilege	2008	WMIC.exe
Token: SeTakeOwnershipPrivilege	2008	WMIC.exe
Token: SeLoadDriverPrivilege	2008	WMIC.exe
Token: SeSystemProfilePrivilege	2008	WMIC.exe
Token: SeSystemtimePrivilege	2008	WMIC.exe
Token: SeProfSingleProcessPrivilege	2008	WMIC.exe
Token: SeIncBasePriorityPrivilege	2008	WMIC.exe
Token: SeCreatePagefilePrivilege	2008	WMIC.exe
Token: SeBackupPrivilege	2008	WMIC.exe
Token: SeRestorePrivilege	2008	WMIC.exe
Token: SeShutdownPrivilege	2008	WMIC.exe
Token: SeDebugPrivilege	2008	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2008	WMIC.exe
Token: SeRemoteShutdownPrivilege	2008	WMIC.exe
Token: SeUndockPrivilege	2008	WMIC.exe
Token: SeManageVolumePrivilege	2008	WMIC.exe
Token: 33	2008	WMIC.exe
Token: 34	2008	WMIC.exe
Token: 35	2008	WMIC.exe
Token: 36	2008	WMIC.exe
Token: 33	528	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	528	AUDIODG.EXE
Token: SeShutdownPrivilege	1664	EpsilonFruit.exe
Token: SeCreatePagefilePrivilege	1664	EpsilonFruit.exe
Token: SeDebugPrivilege	3384	taskkill.exe
Token: SeDebugPrivilege	1960	tasklist.exe
Token: SeIncreaseQuotaPrivilege	3272	WMIC.exe
Token: SeSecurityPrivilege	3272	WMIC.exe
Token: SeTakeOwnershipPrivilege	3272	WMIC.exe
Token: SeLoadDriverPrivilege	3272	WMIC.exe
Token: SeSystemProfilePrivilege	3272	WMIC.exe
Token: SeSystemtimePrivilege	3272	WMIC.exe
Token: SeProfSingleProcessPrivilege	3272	WMIC.exe
Token: SeIncBasePriorityPrivilege	3272	WMIC.exe
Token: SeCreatePagefilePrivilege	3272	WMIC.exe
Token: SeBackupPrivilege	3272	WMIC.exe
Token: SeRestorePrivilege	3272	WMIC.exe
Token: SeShutdownPrivilege	3272	WMIC.exe
Token: SeDebugPrivilege	3272	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3272	WMIC.exe
Token: SeRemoteShutdownPrivilege	3272	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

EpsilonFruit.exe

pid process

1664 EpsilonFruit.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

EpsilonFruit.exeEpsilonFruit.execmd.exe

description	pid	process	target process
PID 2348 wrote to memory of 1664	2348	EpsilonFruit.exe	EpsilonFruit.exe
PID 2348 wrote to memory of 1664	2348	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 2836	1664	EpsilonFruit.exe	screenCapture_1.3.2.exe
PID 1664 wrote to memory of 2836	1664	EpsilonFruit.exe	screenCapture_1.3.2.exe
PID 2836 wrote to memory of 2008	2836	cmd.exe	cmd.exe
PID 2836 wrote to memory of 2008	2836	cmd.exe	cmd.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5060	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5104	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5104	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 1500	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 1500	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe
PID 1664 wrote to memory of 5056	1664	EpsilonFruit.exe	EpsilonFruit.exe

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
  C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
  2⤵
  - Enumerates VirtualBox registry keys
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Looks for VirtualBox Guest Additions in registry
  - Looks for VMWare Tools registry key
  - Checks BIOS information in registry
  - Checks computer location settings
  - Executes dropped EXE
  - Identifies Wine through registry keys
  - Loads dropped DLL
  - Checks for VirtualBox DLLs, possible anti-VM trick
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic CsProduct Get UUID
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2008
- - C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
    "C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1776,8346313879302311758,10971609972747785774,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5060
- - C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
    "C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=2064 --field-trial-handle=1776,8346313879302311758,10971609972747785774,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:5104
- - C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
    "C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --app-path="C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2320 --field-trial-handle=1776,8346313879302311758,10971609972747785774,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1500
- - C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
    "C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=2932 --field-trial-handle=1776,8346313879302311758,10971609972747785774,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
    3⤵
    PID:1080
  - - C:\Windows\system32\taskkill.exe
      taskkill /IM chrome.exe /F
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
    3⤵
    PID:2368
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
      4⤵
      PID:2360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
    3⤵
    PID:3820
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
      4⤵
      PID:4168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1504
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:1960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
    3⤵
    PID:2280
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
    3⤵
    PID:3284
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:2584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
    3⤵
    PID:3040
  - - C:\Windows\system32\cmd.exe
      cmd /c chcp 65001
      4⤵
      PID:3920
    - - C:\Windows\system32\chcp.com
        
        chcp 65001
        5⤵
        
        PID:968
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      PID:3468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ig41cm.j7wps.jpg" "
    3⤵
    PID:1484
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
      4⤵
      PID:4100
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9D98.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC1361840983144B9F8075E98C19C290AC.TMP"
        5⤵
        
        PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ig41cm.j7wps.jpg"
      4⤵
      Executes dropped EXE
      PID:2376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"
    3⤵
    PID:4944
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f
      4⤵
      Adds Run key to start application
      PID:3344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2828
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:3588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ibupgu.rm0ul.jpg" "
    3⤵
    PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ibupgu.rm0ul.jpg"
      4⤵
      Executes dropped EXE
      PID:1884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-756ka9.3p3pr.jpg" "
    3⤵
    PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-756ka9.3p3pr.jpg"
      4⤵
      Executes dropped EXE
      PID:3412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-2716t8.70ub7.jpg" "
    3⤵
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-2716t8.70ub7.jpg"
      4⤵
      Executes dropped EXE
      PID:4516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-qibmh0.q0rjp.jpg" "
    3⤵
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-qibmh0.q0rjp.jpg"
      4⤵
      Executes dropped EXE
      PID:1292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1v4pv10.548l.jpg" "
    3⤵
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1v4pv10.548l.jpg"
      4⤵
      Executes dropped EXE
      PID:4472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ime3fa.b65hg.jpg" "
    3⤵
    PID:516
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ime3fa.b65hg.jpg"
      4⤵
      Executes dropped EXE
      PID:3780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1p75m1g.hdqb.jpg" "
    3⤵
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1p75m1g.hdqb.jpg"
      4⤵
      Executes dropped EXE
      PID:2684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-161jy8w.l0rkl.jpg" "
    3⤵
    PID:1444
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-161jy8w.l0rkl.jpg"
      4⤵
      Executes dropped EXE
      PID:4564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-6yheat.1jljo.jpg" "
    3⤵
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-6yheat.1jljo.jpg"
      4⤵
      Executes dropped EXE
      PID:968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-eqf8mw.4axuh.jpg" "
    3⤵
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-eqf8mw.4axuh.jpg"
      4⤵
      Executes dropped EXE
      PID:3384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1in2hf.vzuwi.jpg" "
    3⤵
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1in2hf.vzuwi.jpg"
      4⤵
      Executes dropped EXE
      PID:1544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-bx1gdy.4xgw8.jpg" "
    3⤵
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-bx1gdy.4xgw8.jpg"
      4⤵
      Executes dropped EXE
      PID:4756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ob9aem.nzygh.jpg" "
    3⤵
    PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ob9aem.nzygh.jpg"
      4⤵
      Executes dropped EXE
      PID:2992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-cpzqv1.wrp8e.jpg" "
    3⤵
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-cpzqv1.wrp8e.jpg"
      4⤵
      Executes dropped EXE
      PID:4728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1442y15.60ul.jpg" "
    3⤵
    PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1442y15.60ul.jpg"
      4⤵
      Executes dropped EXE
      PID:4456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-11dnkvs.yw9rj.jpg" "
    3⤵
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-11dnkvs.yw9rj.jpg"
      4⤵
      Executes dropped EXE
      PID:4956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-k4apby.b39t8.jpg" "
    3⤵
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-k4apby.b39t8.jpg"
      4⤵
      Executes dropped EXE
      PID:2844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-7uswit.yjkjd.jpg" "
    3⤵
    PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-7uswit.yjkjd.jpg"
      4⤵
      Executes dropped EXE
      PID:4200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-187unx4.4lr5.jpg" "
    3⤵
    PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-187unx4.4lr5.jpg"
      4⤵
      Executes dropped EXE
      PID:3284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-7skldr.14rfl.jpg" "
    3⤵
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-7skldr.14rfl.jpg"
      4⤵
      Executes dropped EXE
      PID:1444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-k3bvyv.9htkg.jpg" "
    3⤵
    PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-k3bvyv.9htkg.jpg"
      4⤵
      Executes dropped EXE
      PID:4916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-686op1.3rf6r.jpg" "
    3⤵
    PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-686op1.3rf6r.jpg"
      4⤵
      Executes dropped EXE
      PID:3556
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-x4xff7.xezk.jpg" "
    3⤵
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-x4xff7.xezk.jpg"
      4⤵
      Executes dropped EXE
      PID:3588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-121butt.2yxf.jpg" "
    3⤵
    PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-121butt.2yxf.jpg"
      4⤵
      Executes dropped EXE
      PID:4320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-rdhq2i.n6wh.jpg" "
    3⤵
    PID:4004
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-rdhq2i.n6wh.jpg"
      4⤵
      Executes dropped EXE
      PID:2584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ihj1pc.r8d2.jpg" "
    3⤵
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ihj1pc.r8d2.jpg"
      4⤵
      Executes dropped EXE
      PID:2008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1o2cs1q.3gxm.jpg" "
    3⤵
    PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1o2cs1q.3gxm.jpg"
      4⤵
      Executes dropped EXE
      PID:4068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1svlm24.xqwb.jpg" "
    3⤵
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1svlm24.xqwb.jpg"
      4⤵
      Executes dropped EXE
      PID:3384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-8f4g9s.vnfyd.jpg" "
    3⤵
    PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-8f4g9s.vnfyd.jpg"
      4⤵
      Executes dropped EXE
      PID:4992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-nwbj3d.3jj5.jpg" "
    3⤵
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-nwbj3d.3jj5.jpg"
      4⤵
      Executes dropped EXE
      PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1kq9ie.abtwb.jpg" "
    3⤵
    PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1kq9ie.abtwb.jpg"
      4⤵
      Executes dropped EXE
      PID:3584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-or0yza.fzs8.jpg" "
    3⤵
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-or0yza.fzs8.jpg"
      4⤵
      Executes dropped EXE
      PID:3880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-6vf349.q47ry.jpg" "
    3⤵
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-6vf349.q47ry.jpg"
      4⤵
      Executes dropped EXE
      PID:4456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-tnovh3.5c2dk.jpg" "
    3⤵
    PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-tnovh3.5c2dk.jpg"
      4⤵
      Executes dropped EXE
      PID:2928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ptpnj3.f0srb.jpg" "
    3⤵
    PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ptpnj3.f0srb.jpg"
      4⤵
      Executes dropped EXE
      PID:4452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1fyc93u.m3st.jpg" "
    3⤵
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1fyc93u.m3st.jpg"
      4⤵
      Executes dropped EXE
      PID:1976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1sa0bus.1bpt.jpg" "
    3⤵
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1sa0bus.1bpt.jpg"
      4⤵
      Executes dropped EXE
      PID:4068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1lzey3d.uqby.jpg" "
    3⤵
    PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1lzey3d.uqby.jpg"
      4⤵
      Executes dropped EXE
      PID:4756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1hlhet.3ynkj.jpg" "
    3⤵
    PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1hlhet.3ynkj.jpg"
      4⤵
      Executes dropped EXE
      PID:4372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-101ni5l.m3br.jpg" "
    3⤵
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-101ni5l.m3br.jpg"
      4⤵
      Executes dropped EXE
      PID:4656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-dh0six.gccn8.jpg" "
    3⤵
    PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-dh0six.gccn8.jpg"
      4⤵
      Executes dropped EXE
      PID:4640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1nphuq5.ocwo.jpg" "
    3⤵
    PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1nphuq5.ocwo.jpg"
      4⤵
      Executes dropped EXE
      PID:2984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1150fr9.soao.jpg" "
    3⤵
    PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1150fr9.soao.jpg"
      4⤵
      Executes dropped EXE
      PID:4816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-yuqv6n.xgr88.jpg" "
    3⤵
    PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-yuqv6n.xgr88.jpg"
      4⤵
      Executes dropped EXE
      PID:2924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1oz51l4.1ajo.jpg" "
    3⤵
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1oz51l4.1ajo.jpg"
      4⤵
      Executes dropped EXE
      PID:2376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-xfqdvi.q3a3d.jpg" "
    3⤵
    PID:776
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-xfqdvi.q3a3d.jpg"
      4⤵
      Executes dropped EXE
      PID:4400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-15sndyk.rzoik.jpg" "
    3⤵
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-15sndyk.rzoik.jpg"
      4⤵
      Executes dropped EXE
      PID:3012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1hbllr1.3wwp.jpg" "
    3⤵
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1hbllr1.3wwp.jpg"
      4⤵
      Executes dropped EXE
      PID:1504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1h3fzro.nks5i.jpg" "
    3⤵
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1h3fzro.nks5i.jpg"
      4⤵
      Executes dropped EXE
      PID:4192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1qhc119.qnb5.jpg" "
    3⤵
    PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1qhc119.qnb5.jpg"
      4⤵
      Executes dropped EXE
      PID:1384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ex968o.gi6hc.jpg" "
    3⤵
    PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ex968o.gi6hc.jpg"
      4⤵
      Executes dropped EXE
      PID:808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1akpnfr.ghh6.jpg" "
    3⤵
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1akpnfr.ghh6.jpg"
      4⤵
      Executes dropped EXE
      PID:1732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-17055oy.te0u.jpg" "
    3⤵
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-17055oy.te0u.jpg"
      4⤵
      Executes dropped EXE
      PID:4444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-14a7hax.4146.jpg" "
    3⤵
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-14a7hax.4146.jpg"
      4⤵
      Executes dropped EXE
      PID:4108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-jcydx.9m0g6c.jpg" "
    3⤵
    PID:2620
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-jcydx.9m0g6c.jpg"
      4⤵
      Executes dropped EXE
      PID:3824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-wpuhmz.f3s3.jpg" "
    3⤵
    PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-wpuhmz.f3s3.jpg"
      4⤵
      Executes dropped EXE
      PID:4816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ek1bph.dcjx.jpg" "
    3⤵
    PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ek1bph.dcjx.jpg"
      4⤵
      Executes dropped EXE
      PID:1384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-34orki.6hiex.jpg" "
    3⤵
    PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-34orki.6hiex.jpg"
      4⤵
      Executes dropped EXE
      PID:3780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1vfrnvh.vq5l.jpg" "
    3⤵
    PID:1080
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1vfrnvh.vq5l.jpg"
      4⤵
      PID:3292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1owl4js.jefu.jpg" "
    3⤵
    PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1owl4js.jefu.jpg"
      4⤵
      PID:4444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-4p788h.z4v83.jpg" "
    3⤵
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-4p788h.z4v83.jpg"
      4⤵
      PID:2320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-q97uwc.mww9.jpg" "
    3⤵
    PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-q97uwc.mww9.jpg"
      4⤵
      PID:3352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-jshs0j.1cqs.jpg" "
    3⤵
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-jshs0j.1cqs.jpg"
      4⤵
      PID:2252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1p2mqvg.t9q4.jpg" "
    3⤵
    PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1p2mqvg.t9q4.jpg"
      4⤵
      PID:1480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-18s7w51.dg4c.jpg" "
    3⤵
    PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-18s7w51.dg4c.jpg"
      4⤵
      PID:2828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-gfv7gt.gni7j.jpg" "
    3⤵
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-gfv7gt.gni7j.jpg"
      4⤵
      PID:1484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ut0f6z.9a4jm.jpg" "
    3⤵
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ut0f6z.9a4jm.jpg"
      4⤵
      PID:2324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1lkis6v.gg3a.jpg" "
    3⤵
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1lkis6v.gg3a.jpg"
      4⤵
      PID:4424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1oqupkm.5p1b.jpg" "
    3⤵
    PID:544
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1oqupkm.5p1b.jpg"
      4⤵
      PID:1812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-muiaa8.jfygr.jpg" "
    3⤵
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-muiaa8.jfygr.jpg"
      4⤵
      PID:4940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-19jgiu2.6wsgh.jpg" "
    3⤵
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-19jgiu2.6wsgh.jpg"
      4⤵
      PID:3568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1kd9da3.mz8e.jpg" "
    3⤵
    PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1kd9da3.mz8e.jpg"
      4⤵
      PID:4292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-zmgg67.so7h.jpg" "
    3⤵
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-zmgg67.so7h.jpg"
      4⤵
      PID:2828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-5nourj.925qd.jpg" "
    3⤵
    PID:2768
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:772
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-5nourj.925qd.jpg"
      4⤵
      PID:3012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-krrzjy.pot5f.jpg" "
    3⤵
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-krrzjy.pot5f.jpg"
      4⤵
      PID:1976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-11adw36.pmvk.jpg" "
    3⤵
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-11adw36.pmvk.jpg"
      4⤵
      PID:2856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-gxbffo.hqncq.jpg" "
    3⤵
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-gxbffo.hqncq.jpg"
      4⤵
      PID:4744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1l027l9.5hsk.jpg" "
    3⤵
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1l027l9.5hsk.jpg"
      4⤵
      PID:4348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1lt74n5.bzb7.jpg" "
    3⤵
    PID:2852
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1lt74n5.bzb7.jpg"
      4⤵
      PID:1292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1pl5y82.q8j7.jpg" "
    3⤵
    PID:4204
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1pl5y82.q8j7.jpg"
      4⤵
      PID:4208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1abs8yf.pcul.jpg" "
    3⤵
    PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1abs8yf.pcul.jpg"
      4⤵
      PID:3500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-649syj.3tduf.jpg" "
    3⤵
    PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-649syj.3tduf.jpg"
      4⤵
      PID:1732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-lc8lq1.5gq6.jpg" "
    3⤵
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-lc8lq1.5gq6.jpg"
      4⤵
      PID:744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-f1dxp6.ojwk.jpg" "
    3⤵
    PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-f1dxp6.ojwk.jpg"
      4⤵
      PID:4440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1gc6bv1.youhh.jpg" "
    3⤵
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1gc6bv1.youhh.jpg"
      4⤵
      PID:2684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-137jjf4.ip5v.jpg" "
    3⤵
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-137jjf4.ip5v.jpg"
      4⤵
      PID:4744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1d9cjy9.yasej.jpg" "
    3⤵
    PID:1316
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1d9cjy9.yasej.jpg"
      4⤵
      PID:4192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-14d3brw.9fcj.jpg" "
    3⤵
    PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-14d3brw.9fcj.jpg"
      4⤵
      PID:5048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-mkrlr8.ddrh.jpg" "
    3⤵
    PID:812
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-mkrlr8.ddrh.jpg"
      4⤵
      PID:2924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1d63izn.59f7.jpg" "
    3⤵
    PID:4628
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1d63izn.59f7.jpg"
      4⤵
      PID:3624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1qeq3uq.1uj0g.jpg" "
    3⤵
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1qeq3uq.1uj0g.jpg"
      4⤵
      PID:3916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1i96rdx.n7o5j.jpg" "
    3⤵
    PID:740
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1i96rdx.n7o5j.jpg"
      4⤵
      PID:808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-hpfj96.fnuxt.jpg" "
    3⤵
    PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-hpfj96.fnuxt.jpg"
      4⤵
      PID:1468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-luxi56.nr4y.jpg" "
    3⤵
    PID:3376
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-luxi56.nr4y.jpg"
      4⤵
      PID:2856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1f368d7.rdc3i.jpg" "
    3⤵
    PID:932
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1f368d7.rdc3i.jpg"
      4⤵
      PID:2712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-f5qfsx.wyx3.jpg" "
    3⤵
    PID:1548
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-f5qfsx.wyx3.jpg"
      4⤵
      PID:4788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-36nci4.k3qmq.jpg" "
    3⤵
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-36nci4.k3qmq.jpg"
      4⤵
      PID:4372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-axq6uu.e2z2o.jpg" "
    3⤵
    PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-axq6uu.e2z2o.jpg"
      4⤵
      PID:1544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-6ideuv.sr93o.jpg" "
    3⤵
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-6ideuv.sr93o.jpg"
      4⤵
      PID:4736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1wnfte7.vjng.jpg" "
    3⤵
    PID:4292
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1wnfte7.vjng.jpg"
      4⤵
      PID:4100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1kxx0m3.a18mg.jpg" "
    3⤵
    PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1kxx0m3.a18mg.jpg"
      4⤵
      PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1x5alqf.r5tp.jpg" "
    3⤵
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1x5alqf.r5tp.jpg"
      4⤵
      PID:1468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-sdal5x.e74hj.jpg" "
    3⤵
    PID:5108
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-sdal5x.e74hj.jpg"
      4⤵
      PID:2856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-xwr6x7.hbgfc.jpg" "
    3⤵
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-xwr6x7.hbgfc.jpg"
      4⤵
      PID:4040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1m853mk.n19a.jpg" "
    3⤵
    PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1m853mk.n19a.jpg"
      4⤵
      PID:3192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1vdf8ab.hz6a.jpg" "
    3⤵
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1vdf8ab.hz6a.jpg"
      4⤵
      PID:4656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ffo4dx.tnuu.jpg" "
    3⤵
    PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ffo4dx.tnuu.jpg"
      4⤵
      PID:2016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-nr89q5.cy2sh.jpg" "
    3⤵
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-nr89q5.cy2sh.jpg"
      4⤵
      PID:4160
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ptxvms.t8ix.jpg" "
    3⤵
    PID:4728
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ptxvms.t8ix.jpg"
      4⤵
      PID:2836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ggcnzc.kz5q9.jpg" "
    3⤵
    PID:668
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ggcnzc.kz5q9.jpg"
      4⤵
      PID:3484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-154sdlx.u0zq.jpg" "
    3⤵
    PID:808
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-154sdlx.u0zq.jpg"
      4⤵
      PID:3968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1gffei0.21yv.jpg" "
    3⤵
    PID:2316
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:968
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1gffei0.21yv.jpg"
      4⤵
      PID:1724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ke5a6c.eyw2.jpg" "
    3⤵
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ke5a6c.eyw2.jpg"
      4⤵
      PID:5108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-a8deoz.u6u69.jpg" "
    3⤵
    PID:936
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-a8deoz.u6u69.jpg"
      4⤵
      PID:4428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-10i5q71.4gfq.jpg" "
    3⤵
    PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-10i5q71.4gfq.jpg"
      4⤵
      PID:3504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-enrc4o.agvaw.jpg" "
    3⤵
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-enrc4o.agvaw.jpg"
      4⤵
      PID:4448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-10c19ik.f9n9.jpg" "
    3⤵
    PID:4348
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-10c19ik.f9n9.jpg"
      4⤵
      PID:2352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-18kncby.0y3s.jpg" "
    3⤵
    PID:4372
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-18kncby.0y3s.jpg"
      4⤵
      PID:1988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1dw9lwk.0qzl.jpg" "
    3⤵
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1dw9lwk.0qzl.jpg"
      4⤵
      PID:4396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1g5tfma.4bfc.jpg" "
    3⤵
    PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1g5tfma.4bfc.jpg"
      4⤵
      PID:3980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-mcep4i.9m11.jpg" "
    3⤵
    PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-mcep4i.9m11.jpg"
      4⤵
      PID:4916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-4sfrat.f0nbw.jpg" "
    3⤵
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-4sfrat.f0nbw.jpg"
      4⤵
      PID:3824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-160560e.br7.jpg" "
    3⤵
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-160560e.br7.jpg"
      4⤵
      PID:4044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-en9c9y.tfbuv.jpg" "
    3⤵
    PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-en9c9y.tfbuv.jpg"
      4⤵
      PID:3376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-wzy757.jp69f.jpg" "
    3⤵
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-wzy757.jp69f.jpg"
      4⤵
      PID:3064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-n4y52b.k2qv.jpg" "
    3⤵
    PID:932
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-n4y52b.k2qv.jpg"
      4⤵
      PID:3900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1fceure.0psv.jpg" "
    3⤵
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1fceure.0psv.jpg"
      4⤵
      PID:2356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1mgyhde.nw61.jpg" "
    3⤵
    PID:1488
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1mgyhde.nw61.jpg"
      4⤵
      PID:1624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-10mx9eo.hcbsm.jpg" "
    3⤵
    PID:4780
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-10mx9eo.hcbsm.jpg"
      4⤵
      PID:2992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-t1rhj1.07drl.jpg" "
    3⤵
    PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-t1rhj1.07drl.jpg"
      4⤵
      PID:612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-29jo3u.5ak85.jpg" "
    3⤵
    PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-29jo3u.5ak85.jpg"
      4⤵
      PID:2504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1agi4k0.td4p.jpg" "
    3⤵
    PID:4368
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1agi4k0.td4p.jpg"
      4⤵
      PID:4816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1r4a36h.amic.jpg" "
    3⤵
    PID:776
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1r4a36h.amic.jpg"
      4⤵
      PID:3536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-104zkp9.e8re.jpg" "
    3⤵
    PID:4912
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-104zkp9.e8re.jpg"
      4⤵
      PID:1080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-15i8bu2.o07b.jpg" "
    3⤵
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-15i8bu2.o07b.jpg"
      4⤵
      PID:2212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-3dw6yg.89vqm.jpg" "
    3⤵
    PID:976
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-3dw6yg.89vqm.jpg"
      4⤵
      PID:4052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-gqh0zw.wgw67.jpg" "
    3⤵
    PID:4260
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-gqh0zw.wgw67.jpg"
      4⤵
      PID:640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1iowdez.xs7n.jpg" "
    3⤵
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1iowdez.xs7n.jpg"
      4⤵
      PID:5072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1s7wu9p.hx2oj.jpg" "
    3⤵
    PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1s7wu9p.hx2oj.jpg"
      4⤵
      PID:2536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-zuy1c7.nber.jpg" "
    3⤵
    PID:1792
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-zuy1c7.nber.jpg"
      4⤵
      PID:3924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-w1wtv0.ldfli.jpg" "
    3⤵
    PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-w1wtv0.ldfli.jpg"
      4⤵
      PID:2376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1h3o9ss.pf5ii.jpg" "
    3⤵
    PID:2992
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1h3o9ss.pf5ii.jpg"
      4⤵
      PID:4804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-19dxv4v.wlee.jpg" "
    3⤵
    PID:612
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-19dxv4v.wlee.jpg"
      4⤵
      PID:3156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-lo8fja.tyc89.jpg" "
    3⤵
    PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-lo8fja.tyc89.jpg"
      4⤵
      PID:1732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1b2hpc9.c4ke.jpg" "
    3⤵
    PID:3864
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1b2hpc9.c4ke.jpg"
      4⤵
      PID:2592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ix6z45.m17q.jpg" "
    3⤵
    PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ix6z45.m17q.jpg"
      4⤵
      PID:808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-i50i1n.e87c.jpg" "
    3⤵
    PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-i50i1n.e87c.jpg"
      4⤵
      PID:1128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-unsyc5.4l84q.jpg" "
    3⤵
    PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-unsyc5.4l84q.jpg"
      4⤵
      PID:3628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-11ne05t.mmpp.jpg" "
    3⤵
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-11ne05t.mmpp.jpg"
      4⤵
      PID:3196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-gzkg4p.2r96p.jpg" "
    3⤵
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-gzkg4p.2r96p.jpg"
      4⤵
      PID:2744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-pqsatp.i1rbd.jpg" "
    3⤵
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-pqsatp.i1rbd.jpg"
      4⤵
      PID:3324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-13tplgd.y1w.jpg" "
    3⤵
    PID:3528
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-13tplgd.y1w.jpg"
      4⤵
      PID:1384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1sk93lk.vnxe.jpg" "
    3⤵
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1sk93lk.vnxe.jpg"
      4⤵
      PID:4320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-yesd9z.h0q99.jpg" "
    3⤵
    PID:4372
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-yesd9z.h0q99.jpg"
      4⤵
      PID:3920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-r6agvf.j4w3s.jpg" "
    3⤵
    PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-r6agvf.j4w3s.jpg"
      4⤵
      PID:3352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1qznnjy.w0gkl.jpg" "
    3⤵
    PID:4396
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1qznnjy.w0gkl.jpg"
      4⤵
      PID:1688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-bkcug.q80dhj.jpg" "
    3⤵
    PID:740
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-bkcug.q80dhj.jpg"
      4⤵
      PID:3484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-19oyfqj.uurog.jpg" "
    3⤵
    PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-19oyfqj.uurog.jpg"
      4⤵
      PID:2336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-sow0ik.fe2gb.jpg" "
    3⤵
    PID:4104
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-sow0ik.fe2gb.jpg"
      4⤵
      PID:1628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-2yiy6r.s3fc1.jpg" "
    3⤵
    PID:5004
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-2yiy6r.s3fc1.jpg"
      4⤵
      PID:2304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1e0lk8k.4465.jpg" "
    3⤵
    PID:3548
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1e0lk8k.4465.jpg"
      4⤵
      PID:4472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-mlxjhc.5ypfg.jpg" "
    3⤵
    PID:4168
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-mlxjhc.5ypfg.jpg"
      4⤵
      PID:1116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1jsjal5.ca4l.jpg" "
    3⤵
    PID:932
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1jsjal5.ca4l.jpg"
      4⤵
      PID:2320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-fxsf9f.75fca.jpg" "
    3⤵
    PID:2844
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-fxsf9f.75fca.jpg"
      4⤵
      PID:2540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-6xqyfn.sm3ij.jpg" "
    3⤵
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-6xqyfn.sm3ij.jpg"
      4⤵
      PID:812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-e50qau.1dgji.jpg" "
    3⤵
    PID:216
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-e50qau.1dgji.jpg"
      4⤵
      PID:2044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-45brd7.1sybr.jpg" "
    3⤵
    PID:4476
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-45brd7.1sybr.jpg"
      4⤵
      PID:1444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1meqj8e.18zv.jpg" "
    3⤵
    PID:4208
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1meqj8e.18zv.jpg"
      4⤵
      PID:4832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-8d5xfp.oidqm.jpg" "
    3⤵
    PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-8d5xfp.oidqm.jpg"
      4⤵
      PID:4188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1hvg7q6.3vdo.jpg" "
    3⤵
    PID:1004
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1hvg7q6.3vdo.jpg"
      4⤵
      PID:740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ggho0f.qzman.jpg" "
    3⤵
    PID:4792
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:776
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ggho0f.qzman.jpg"
      4⤵
      PID:4400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-wqmgii.263b.jpg" "
    3⤵
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-wqmgii.263b.jpg"
      4⤵
      PID:4104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-j8zfo8.m2pqg.jpg" "
    3⤵
    PID:2244
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-j8zfo8.m2pqg.jpg"
      4⤵
      PID:2196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-14xipmv.7byq.jpg" "
    3⤵
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-14xipmv.7byq.jpg"
      4⤵
      PID:3052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1kxbu48.m519.jpg" "
    3⤵
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1kxbu48.m519.jpg"
      4⤵
      PID:1116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-4sp0v4.t38vl.jpg" "
    3⤵
    PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-4sp0v4.t38vl.jpg"
      4⤵
      PID:932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1h9sdzc.88q2.jpg" "
    3⤵
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1h9sdzc.88q2.jpg"
      4⤵
      PID:3324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1szom16.3n21.jpg" "
    3⤵
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1szom16.3n21.jpg"
      4⤵
      PID:812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1bix9fi.3hqxf.jpg" "
    3⤵
    PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1bix9fi.3hqxf.jpg"
      4⤵
      PID:3640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-174aqb9.5wmy.jpg" "
    3⤵
    PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-174aqb9.5wmy.jpg"
      4⤵
      PID:2992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1gg0gez.cnrb.jpg" "
    3⤵
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1gg0gez.cnrb.jpg"
      4⤵
      PID:1680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-du63ow.grg6w.jpg" "
    3⤵
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-du63ow.grg6w.jpg"
      4⤵
      PID:2096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-67pnau.gb6op.jpg" "
    3⤵
    PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-67pnau.gb6op.jpg"
      4⤵
      PID:4736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1x0383j.2xcbl.jpg" "
    3⤵
    PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1x0383j.2xcbl.jpg"
      4⤵
      PID:3536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-10p41cm.6i6j.jpg" "
    3⤵
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-10p41cm.6i6j.jpg"
      4⤵
      PID:2864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-fracuh.fs95u.jpg" "
    3⤵
    PID:2324
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-fracuh.fs95u.jpg"
      4⤵
      PID:3040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-tnuch9.vefge.jpg" "
    3⤵
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-tnuch9.vefge.jpg"
      4⤵
      PID:4288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-2nbl4o.b44ah.jpg" "
    3⤵
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-2nbl4o.b44ah.jpg"
      4⤵
      PID:3220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-19w2irx.2rjy.jpg" "
    3⤵
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-19w2irx.2rjy.jpg"
      4⤵
      PID:4656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-16ifvqk.p7exl.jpg" "
    3⤵
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-16ifvqk.p7exl.jpg"
      4⤵
      PID:8
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-o5ndg7.iuf8h.jpg" "
    3⤵
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-o5ndg7.iuf8h.jpg"
      4⤵
      PID:2356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1rgq0ra.87r9.jpg" "
    3⤵
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1rgq0ra.87r9.jpg"
      4⤵
      PID:3468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1dow936.hf68.jpg" "
    3⤵
    PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1dow936.hf68.jpg"
      4⤵
      PID:3616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-bwdc6z.m7xda.jpg" "
    3⤵
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-bwdc6z.m7xda.jpg"
      4⤵
      PID:1956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-plzsek.fsk8p.jpg" "
    3⤵
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-plzsek.fsk8p.jpg"
      4⤵
      PID:4544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-4s7h74.55xdd.jpg" "
    3⤵
    PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-4s7h74.55xdd.jpg"
      4⤵
      PID:2500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ucw7d1.osou.jpg" "
    3⤵
    PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ucw7d1.osou.jpg"
      4⤵
      PID:2704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1hpv0cg.47wkg.jpg" "
    3⤵
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1hpv0cg.47wkg.jpg"
      4⤵
      PID:3260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-rzsz9x.ofvjr.jpg" "
    3⤵
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-rzsz9x.ofvjr.jpg"
      4⤵
      PID:2560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-grvokz.30154.jpg" "
    3⤵
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-grvokz.30154.jpg"
      4⤵
      PID:3628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1mdwuty.zcgq.jpg" "
    3⤵
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1mdwuty.zcgq.jpg"
      4⤵
      PID:4460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1khuq18.197w.jpg" "
    3⤵
    PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1khuq18.197w.jpg"
      4⤵
      PID:4748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-129lj4x.7gz.jpg" "
    3⤵
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-129lj4x.7gz.jpg"
      4⤵
      PID:3900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-101g6fc.5ecm.jpg" "
    3⤵
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-101g6fc.5ecm.jpg"
      4⤵
      PID:4856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1g0yiqw.4d8z.jpg" "
    3⤵
    PID:532
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1g0yiqw.4d8z.jpg"
      4⤵
      PID:4160
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ymapou.99pgl.jpg" "
    3⤵
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ymapou.99pgl.jpg"
      4⤵
      PID:1792
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1awbsv1.icoe.jpg" "
    3⤵
    PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1awbsv1.icoe.jpg"
      4⤵
      PID:4724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1v9me6o.d9nb.jpg" "
    3⤵
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1v9me6o.d9nb.jpg"
      4⤵
      PID:4236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1luql20.ta12.jpg" "
    3⤵
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1luql20.ta12.jpg"
      4⤵
      PID:3012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1xhrq2a.6vt8.jpg" "
    3⤵
    PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1xhrq2a.6vt8.jpg"
      4⤵
      PID:3880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-rjq3ro.hrr1k.jpg" "
    3⤵
    PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-rjq3ro.hrr1k.jpg"
      4⤵
      PID:1960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1uj0jce.xxjc.jpg" "
    3⤵
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1uj0jce.xxjc.jpg"
      4⤵
      PID:2196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-8vxhsq.2y1rt.jpg" "
    3⤵
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-8vxhsq.2y1rt.jpg"
      4⤵
      PID:2940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-bg9k26.22w3v.jpg" "
    3⤵
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-bg9k26.22w3v.jpg"
      4⤵
      PID:760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-4flpn2.g0f4z.jpg" "
    3⤵
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-4flpn2.g0f4z.jpg"
      4⤵
      PID:4748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-vmo78v.ie0b.jpg" "
    3⤵
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-vmo78v.ie0b.jpg"
      4⤵
      PID:3936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1m6pvfk.e27e.jpg" "
    3⤵
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1m6pvfk.e27e.jpg"
      4⤵
      PID:4856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-192fk79.awyz.jpg" "
    3⤵
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-192fk79.awyz.jpg"
      4⤵
      PID:4160
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1tskbwe.k8ie.jpg" "
    3⤵
    PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1tskbwe.k8ie.jpg"
      4⤵
      PID:4404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1oe7h9q.oshh.jpg" "
    3⤵
    PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1oe7h9q.oshh.jpg"
      4⤵
      PID:4724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-177dzrz.131i.jpg" "
    3⤵
    PID:396
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-177dzrz.131i.jpg"
      4⤵
      PID:1732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-a24vce.wcl2b.jpg" "
    3⤵
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-a24vce.wcl2b.jpg"
      4⤵
      PID:2768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1fl1d4m.j2oq.jpg" "
    3⤵
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1fl1d4m.j2oq.jpg"
      4⤵
      PID:644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-zipu0s.cjdxf.jpg" "
    3⤵
    PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-zipu0s.cjdxf.jpg"
      4⤵
      PID:3824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1kctjhi.vy09.jpg" "
    3⤵
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1kctjhi.vy09.jpg"
      4⤵
      PID:2196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-zhqpuy.wfrzs.jpg" "
    3⤵
    PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-zhqpuy.wfrzs.jpg"
      4⤵
      PID:2856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-e7gt8w.iy1qk.jpg" "
    3⤵
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-e7gt8w.iy1qk.jpg"
      4⤵
      PID:3548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-t5wg24.j9m2o.jpg" "
    3⤵
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-t5wg24.j9m2o.jpg"
      4⤵
      PID:1116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1giu6dr.s1jx.jpg" "
    3⤵
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1giu6dr.s1jx.jpg"
      4⤵
      PID:4008
- - C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
    "C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4020 --field-trial-handle=1776,8346313879302311758,10971609972747785774,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:3792
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-15ewhhf.62li.jpg" "
    3⤵
    PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-15ewhhf.62li.jpg"
      4⤵
      PID:4964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-9646j7.0rtma.jpg" "
    3⤵
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-9646j7.0rtma.jpg"
      4⤵
      PID:1544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ws6hs5.tcg6n.jpg" "
    3⤵
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-ws6hs5.tcg6n.jpg"
      4⤵
      PID:3916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-2k03b1.8zphz.jpg" "
    3⤵
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-2k03b1.8zphz.jpg"
      4⤵
      PID:4436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-inxu9l.obrij.jpg" "
    3⤵
    PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-inxu9l.obrij.jpg"
      4⤵
      PID:4640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-tlrozm.io17.jpg" "
    3⤵
    PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-tlrozm.io17.jpg"
      4⤵
      PID:4400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1xhqv8o.0plw.jpg" "
    3⤵
    PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1xhqv8o.0plw.jpg"
      4⤵
      PID:3316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-etkis.gwe63u.jpg" "
    3⤵
    PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-etkis.gwe63u.jpg"
      4⤵
      PID:1628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-nmqzq5.aitx.jpg" "
    3⤵
    PID:640
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-nmqzq5.aitx.jpg"
      4⤵
      PID:5108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1lplooo.d3ns.jpg" "
    3⤵
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1lplooo.d3ns.jpg"
      4⤵
      PID:760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-2s6wpu.nbcki.jpg" "
    3⤵
    PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-2s6wpu.nbcki.jpg"
      4⤵
      PID:2180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1uiy6ol.gkrr.jpg" "
    3⤵
    PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1uiy6ol.gkrr.jpg"
      4⤵
      PID:4008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1qolert.d0fa.jpg" "
    3⤵
    PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1qolert.d0fa.jpg"
      4⤵
      PID:5048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1lkgupv.nbp7f.jpg" "
    3⤵
    PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1lkgupv.nbp7f.jpg"
      4⤵
      PID:2248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1d7qyps.m7e4.jpg" "
    3⤵
    PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1d7qyps.m7e4.jpg"
      4⤵
      PID:3624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-14ra5zu.i03c.jpg" "
    3⤵
    PID:612
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-14ra5zu.i03c.jpg"
      4⤵
      PID:1696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1y4zfzz.wj7a.jpg" "
    3⤵
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1y4zfzz.wj7a.jpg"
      4⤵
      PID:2592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-p3c2i.dcacg.jpg" "
    3⤵
    PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-p3c2i.dcacg.jpg"
      4⤵
      PID:1128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-15lwcm0.hk7a.jpg" "
    3⤵
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-15lwcm0.hk7a.jpg"
      4⤵
      PID:2864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1n9rxqe.tei.jpg" "
    3⤵
    PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1n9rxqe.tei.jpg"
      4⤵
      PID:1628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-stc768.e3oe.jpg" "
    3⤵
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-stc768.e3oe.jpg"
      4⤵
      PID:2244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-8ly8nv.i450g.jpg" "
    3⤵
    PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-8ly8nv.i450g.jpg"
      4⤵
      PID:4260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-tbz19f.tklo.jpg" "
    3⤵
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-tbz19f.tklo.jpg"
      4⤵
      PID:2320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1oulsv0.zhjm.jpg" "
    3⤵
    PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1oulsv0.zhjm.jpg"
      4⤵
      PID:8
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1qo8w4n.6zsw.jpg" "
    3⤵
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1qo8w4n.6zsw.jpg"
      4⤵
      PID:3188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-12rkehv.736g.jpg" "
    3⤵
    PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-12rkehv.736g.jpg"
      4⤵
      PID:832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1214og7.ju0f.jpg" "
    3⤵
    PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1214og7.ju0f.jpg"
      4⤵
      PID:3820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1uh8grf.dm6z.jpg" "
    3⤵
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1uh8grf.dm6z.jpg"
      4⤵
      PID:1932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-9kiiyy.ylrls.jpg" "
    3⤵
    PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-9kiiyy.ylrls.jpg"
      4⤵
      PID:4436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-199w732.jtjx.jpg" "
    3⤵
    PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-199w732.jtjx.jpg"
      4⤵
      PID:2820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-19xub0q.izrzi.jpg" "
    3⤵
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-19xub0q.izrzi.jpg"
      4⤵
      PID:2752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1l4qdnb.p6ogj.jpg" "
    3⤵
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1l4qdnb.p6ogj.jpg"
      4⤵
      PID:4104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ok63j9.fc5m.jpg" "
    3⤵
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ok63j9.fc5m.jpg"
      4⤵
      PID:3420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-128nn7h.xdha.jpg" "
    3⤵
    PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-128nn7h.xdha.jpg"
      4⤵
      PID:1692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1q0nnkp.64k7.jpg" "
    3⤵
    PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1q0nnkp.64k7.jpg"
      4⤵
      PID:1400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-wtcjsx.54oir.jpg" "
    3⤵
    PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-wtcjsx.54oir.jpg"
      4⤵
      PID:3208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1qw1ytz.tm0pg.jpg" "
    3⤵
    PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1qw1ytz.tm0pg.jpg"
      4⤵
      PID:4052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-njyni.fbekej.jpg" "
    3⤵
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-njyni.fbekej.jpg"
      4⤵
      PID:4596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ow0rco.0k00g.jpg" "
    3⤵
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ow0rco.0k00g.jpg"
      4⤵
      PID:4300
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-16n67ia.6rovf.jpg" "
    3⤵
    PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-16n67ia.6rovf.jpg"
      4⤵
      PID:4068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-quci11.zbvdj.jpg" "
    3⤵
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-quci11.zbvdj.jpg"
      4⤵
      PID:1956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-2212pp.t4vdz.jpg" "
    3⤵
    PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-2212pp.t4vdz.jpg"
      4⤵
      PID:1852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1vs3bjc.8znt.jpg" "
    3⤵
    PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024317-1664-1vs3bjc.8znt.jpg"
      4⤵
      PID:736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c8 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log

Filesize
862B

MD5
f3ac7a0e31b9af1b495241eff29915ad

SHA1
286fe23eba741cd3fca3f3e9a919021946655392

SHA256
f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a

SHA512
b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024317-1664-161jy8w.l0rkl.jpg

Filesize
83KB

MD5
5ae5810db188bc8fd21fb519254e19ea

SHA1
d3e7d47b8d40b4d2d827f8912d695654cc864ff5

SHA256
854b3261a8259c5a6e52ccd589c3e88308162ef9547c33249fa75bf6f8e25c85

SHA512
38f50cd2c3dd29b95930166c8b6144f92444718b6b55ea520ca1c0a0e96e29b3fc45dca8af41b02895accae5a357e857bab8fb7b9ecd7c2f307c0f7b12338302

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024317-1664-1ibupgu.rm0ul.jpg

Filesize
83KB

MD5
3108539a4e127876fa0f6d90219f5189

SHA1
c555c334bbd01830d7f377ff64cac8eaff48d393

SHA256
9a4862c0934e271873447502bb93a237192d97b20dde3154679a9f64402cdd51

SHA512
9585318f356bcbddda518e6a42e168fe0628e71098cac9224e2017a4fc8b8cb47c77383284c90c56aae64ff6231167430a943236a2add1716d2e1a58f2f2f7ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

Filesize
8.3MB

MD5
75135e6d0085ef8f446dc57fbbeb032c

SHA1
04c2d7bf31b38b4c88629cef2c1eb4c35df75692

SHA256
9722c3730566c17370138de7d02e5983e1dc81fea31bd63eef034092f61a6dc7

SHA512
2076b7f29ffc2fc0af40df77771432f48981061354fa8574559f04546e87b5b524eb8b3cbc75fad66340b12383eddae6cb4b604cfc5fcc49daeca2b4e4090f37

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

Filesize
8.1MB

MD5
81c8e1036634ca8dfb34636758965272

SHA1
7d0fe6e80c414e8954fa55c99e3c53a9a168a803

SHA256
e1339c42cc5f6278c8de299d4b6d0bed7e27053028dbbc2775794d08e8c75053

SHA512
2b78e688847eb67ae07a0f03a393696ae6c340791c30999a1b31e1e2ed973a3aa9b0614beab0dd3f9bccb188d3c9be64d7ea0c88a91bd2871c5adcafe1922088

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

Filesize
6.9MB

MD5
8b9ca8fa15609e8fa8a7e3cd63cafd14

SHA1
04e68e3ccd73a8d6d6ace40e6e2dd568020a455f

SHA256
40d6194470ab8d9739fa77751556935c57f7e90d41f385baea8312e022e309bb

SHA512
639e41ac8612f943da0c63cbd0c99b4eb477c1df841313a7cc6b35b1df63aae24f24a786b4f4b548c98a301a7a3b71e96b34ee008ba481b652b0a9cdee1262d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

Filesize
7.4MB

MD5
09268fc0a0e95243e18c15c299eb95b5

SHA1
efe2bc2d4bc573f360ff156d13c9cf1110c80c87

SHA256
7f056f7d360fa1ffa07ef133a49e4fa3b822477cd5e99cfca97bcd8c6529c928

SHA512
01748f846f3c01b9da5bca62569b2e6517401200f2b04371f5a5396e3cea857c6b434c0b01c9623f4cb9ebf236b0823f3266c2d71405cf18e6290d0a54c08411

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

Filesize
6.2MB

MD5
f05cd8c210ddac3ef122e55894666f1b

SHA1
df51e81ade0b7a8e5decc886c63a489e092e8f44

SHA256
e93fca7c24569e81ee63ade26b60e4b94ee68fd190df660b7657c0cfbc7be016

SHA512
09f4aeae3fa4b88925b0fb38ce9552b6f4a47aaff52cb6d550dc80e8af29a3ebcc9552cbb1e3514feb4a161c6c9830e64727c42eaafb3c1ba43f7fe62d616160

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

Filesize
8.1MB

MD5
dd13c625765cffb28bb8c86244c48491

SHA1
6b69d7d0e0f79ea4b3570dc7655eaa3d0c8c3745

SHA256
6afc4bd67ec04531b6dcdd34867b3d8db116e4e5e2cccdb6fbaf9961c6edb49e

SHA512
c518cdc9c2b4ebc4abc3112ab348c83ca2adbaecc20e810072609c6d7986b6daa72772a4048e46158135a9efbe040a829c2e92fb2ae69ee02556972a1cc20e53

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\chrome_100_percent.pak

Filesize
138KB

MD5
9c1b859b611600201ccf898f1eff2476

SHA1
87d5d9a5fcc2496b48bb084fdf04331823dd1699

SHA256
53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b

SHA512
1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\ffmpeg.dll

Filesize
2.6MB

MD5
12cb29b61007fd6cd166882635241038

SHA1
31bacefd2d7238fb5ac77f728bb39a27b400dbb0

SHA256
2e60bc5a05d3e98d12d2bd577d63b6dc77bd1b3734633259fcaf50fa3688ca9c

SHA512
cbfab7708a01fe47904facfdf9604025d6f1c680e40ada0b4c1b1ef35a4eab7de5de96c22d0491c6d202175d2c66693216efab6cfab73e316d466811d834b126

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\icudtl.dat

Filesize
9.1MB

MD5
6290b0cdebab3776df14c1d96487b7ea

SHA1
01cd53efbcca1a0920d7a1038c93b10049461b41

SHA256
c485192cedecb2c17abfa5a54fa2a5316fb5558e717dc2117280b8f80b96c151

SHA512
6080757985c4a03e9a534d679964706142539a40a4166955834a8a6ec980c82466dccc43e6a764fe5a9cf8784f2479ac890ec89ec32b527a98b0dadebfc91699

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\locales\ar.pak

Filesize
185KB

MD5
d7eecfb7cc52b3dfb69d8047dc6aa12d

SHA1
fa5e4e98395c4bb14259c2e3c36fc84b55f0c3d5

SHA256
e38cd21fb917db4671ab331ee505948e109e2a0c6a2f3ad0e64d09863efb7df8

SHA512
2ebc6f7749e50bb3a9c27d2235be1478fc2d58a7b6f5c4cbbda09ad4f28ee3873881dda16ea668eeb63dd259a23ac68c73e4ab4295d51a22c36284d9c8667ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\resources\app.asar

Filesize
8.9MB

MD5
5a528a884cd773e6170786bd68802961

SHA1
5f75bcf412c54229f54728509e2b29785c248648

SHA256
c6fe63c6e20ceb47b85d4dae6f40c9bd4e21ab1466dd89a74a5af57e406a1c97

SHA512
a022bd7875fc5d18e88207d47e0b9968a4e406fb9d3d49cf12bc39d2e729f99e23af46c10a0cbfef7e23d233e2d5010a6834f17d9dcc5823d85d5b96e887fcf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\v8_context_snapshot.bin

Filesize
656KB

MD5
c384ae622a7a6c7ec328678af12922c2

SHA1
25165dcaf78d3d29a16e4f979370e0b009ede240

SHA256
977a027c50bd79e93ec015fbebaccfaaa8885b88c76f7e5a2c33337d6d5173c3

SHA512
d0571f5e18dcf14a591a76243d52094bb843b0779630f31cbb66fd738c1c35d10bb7ef751eb01a953305ee19f2777f4d3ca6f9b132199b2af357c0b03185d9a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\4cfdb056-9033-4b8c-a747-b4d5e9410cc5.tmp.node

Filesize
163KB

MD5
b0e113443ddc1ee234acbf0eb0e6f8a0

SHA1
84cc562b82570ec05df6dbbfc8f29fbb16ec68c7

SHA256
8d6f5cab1d6a99ac49772080c6f383f33a9bb983e0f8d02d0f3de4b2bdd26215

SHA512
306e89ec66fdf8b0de19d5bcda01f69809d83f464a9c21fda4b470e81ad3b722aa6cb6086fb4c2af59504fe4332c1f9efff27168598cc00be0f28fed45dde8ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\64c6b5a8-c18f-41f5-ac08-15cb3a7857c3.tmp.node

Filesize
2.7MB

MD5
08b28072c6d59fdf06a808182efed01f

SHA1
35253af00af3308a64cff1eda104fd7227abb2f4

SHA256
7c999c84852b1f46a48f75b130fea445280d7032a56359dffecf36730366abc5

SHA512
f2592ade5053b674dbe4191c7001748a801dca3b19e97e19b440a3e944011c87926b0ef21c87e98b48e038889a32e01c1d74949124be3144834e2f06d9781198

Download Submit
C:\Users\Admin\AppData\Local\Temp\83cd2dde-6766-407e-bb00-afc312eef24f.tmp.node

Filesize
652KB

MD5
1f86d23226fffe71b8784029d8c5125b

SHA1
9cc9bc5a5ca25a682746480dff1677d0ff5ec16c

SHA256
265d11dea86267a478907b398b8b33aad69f0944784386c1795cc32b8c931ffd

SHA512
4f1aaee14c9cb0a76853a15030b525ee082a226ac67e9c90a96bbdbbb9229f6fe48192d63686f72c55e094de45c2a032bdd241fcacc190b71ffdc0fde80824ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES9D98.tmp

Filesize
1KB

MD5
e0f8b2ff83360b2f1451614afc48a71c

SHA1
e2ef79367ae4365b872c41b432cc5578fcceb656

SHA256
97342e9161b5c2301421f1ba712e40ddd1a15a82b65975d549192bdff2e4c9a3

SHA512
f927d324a232127fa0d16c0a745190887354f2092354cda36a9e5236945cd98b2720a32eb588084eebcda0f8c2e5c270c0178a853eec0fdd13f5d7f54def2492

Download Submit
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

Filesize
240B

MD5
810ae82f863a5ffae14d3b3944252a4e

SHA1
5393e27113753191436b14f0cafa8acabcfe6b2a

SHA256
453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c

SHA512
2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

Download Submit
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

Filesize
231B

MD5
dec2be4f1ec3592cea668aa279e7cc9b

SHA1
327cf8ab0c895e10674e00ea7f437784bb11d718

SHA256
753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc

SHA512
81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\EpsilonFruit.exe

Filesize
8.6MB

MD5
3c8a5fe94ee5f001a65d07786b6e439d

SHA1
224031b7a06f894721c0a6a1a00337c9602c133c

SHA256
573a09ad8d0ae2da9ac1a9113e16d6930bca689dcf14c1d5b37efb9033e8fcba

SHA512
bdf6436a0e6463a770cfd82434fe90fdbf96f8b4def76492b61d2466949da356d499c259c1950dc7758df5957eb32d6c786f7d5b6e68f889eae0b97b7e52d310

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\LICENSES.chromium.html

Filesize
5.2MB

MD5
df37c89638c65db9a4518b88e79350be

SHA1
6b9ba9fba54fb3aa1b938de218f549078924ac50

SHA256
dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463

SHA512
93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\chrome_200_percent.pak

Filesize
202KB

MD5
b51a78961b1dbb156343e6e024093d41

SHA1
51298bfe945a9645311169fc5bb64a2a1f20bc38

SHA256
4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9

SHA512
23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\icudtl.dat

Filesize
7.9MB

MD5
b5d0676da3673a62550cc7b1a7e99467

SHA1
f84036def2cbaf7ebbbc11755fe4909412d5556a

SHA256
9970837589db322f4d4de3e0b16fca22ede72f7e88762ba978baaa44334a4493

SHA512
2fa395c6098d1043f3d82ceb854298b99500bb8c09c85ce11795bc018840537f0463eb92cc49279441ab48be50485710ae6280802883c640853b522755585c96

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\libEGL.dll

Filesize
437KB

MD5
979b72ca6e98fc7fdcfcc50d77906fb5

SHA1
dc4b874f495ed73c90b39feb566a48a081371c4b

SHA256
73d1f5880980a2ccb8e5a15e285a4a11fccd80754829e85aa9a3b8ffecf39dd9

SHA512
bd4d25a591d1c52d9a4a850a5bccbbf5ec8d174f5f093c0fd611a18af8d337b918464220a4f9591d03582aadf1c9cb392596a5449fb7d0a928889b0f65f8c619

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\libGLESv2.dll

Filesize
6.7MB

MD5
5300049a47fd88310ef94f9e37eeb247

SHA1
89672d16382a75781eeca002c850c17cfc46e851

SHA256
33863ea4047e4eaae8f24bfa3491bb809d4c3d44489ae2bbe5e3af9e5cc1fe50

SHA512
b38ef83cb40923654ae1efcdb8af63e1fb47f640a0cbeac350b97f24da1365da23d757cacef1f9e994ace0b076b4bc1408644347aec3c94995bb27d184a93c09

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\am.pak

Filesize
180KB

MD5
b319cd4192f5bd03bab4644ee51e4ebc

SHA1
49c52f43f542022a97d2ae18a56a266deb901496

SHA256
ab1d0f3bedb5806fa7268773b6193928cdb40e641d8563c14df1bf962434d5f2

SHA512
3fe8284422bb7de7f2e3e121b8657b7686586d597b4d453b2e38f119fd25bddd61c1218f22cc8e4bbf37f393411bb866c0d6c166207b5bbfeb45f5459e29e370

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\bg.pak

Filesize
202KB

MD5
8448caa7a70f74dc0c6e453e7487bedb

SHA1
a7f67df94ee9532d26c6e6e827d61414f4516d0c

SHA256
19f49a247dfa1328799a1be9a556d940618ceefc04a5dfd813e5c023d086a41a

SHA512
337293839e64f514152c7558f2d1cbb301730675936ecfc11242d1346c9da535896dddaa8ad563a40303cdc8884f80af679c324b31325d40b7141a8738ab14bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\bn.pak

Filesize
261KB

MD5
124d35950327fec461c07dfb6dde72eb

SHA1
f3d7791dd6bdf88f65a62ec2e8170ee445b6a37a

SHA256
def934201f35a643c8b097be42fe86f2a08cef5523cb61e2d94cb33ae373f502

SHA512
05a993c9ba52083b8a7f0b3662eb8e4a873d23f309d334cb4e4088fa5e33d8503fdc6d19f247c4920cdd91a165995c514b2a061c26fc44f89e864516ffdde9b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\ca.pak

Filesize
126KB

MD5
90d8b16ace2fc684d0ddde0d71f64831

SHA1
ead7dbeffb3c102d3547c8c256135991b547ade9

SHA256
020350f4a902c79e0f1f5366e209b2c309ac51b6e72d9ccf51cdde2fab756e3e

SHA512
bfeec65e7c001d7a29c18e6bfc2b4c6688c828419d0e9823d524a7b35c24a3303c1cfb8f14a98d965d4ab41c5110842ec64cb7a2928309b0bd31291e85b168b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\cs.pak

Filesize
129KB

MD5
2c9e55ed46954a8eaa27105f3f074ca2

SHA1
bb4a36964cd1e8f140c9937586b5215fbd7a9632

SHA256
86f1847450d5c341893fa097fa6d4e0964963c0c2466a985d014dab0b65f34e6

SHA512
cf7141a3db9d44c0940e88ded1f326b5ca4031d18f8a8236b313c6a6c41289e9dfd12c3367181edcbd5425deb584b082df004bd6db0ca55a1da151703af575bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\da.pak

Filesize
117KB

MD5
66e780528890dc0f484a3d6938ac281a

SHA1
5f46f7915cf101b88d29213b457f37e24d5a083e

SHA256
e698945093c1f562d0e591c03d9670a9b01d0eaa56a2c80c1d12d91d88b7b407

SHA512
9cbc2b054bd3f9d39050a4a189fcf0127a43b9991ecdc9453679c53b38cf8a25138057648a756e01fc9b4825c009a8894ef68b94faca83cd35d268fb05556af1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\de.pak

Filesize
127KB

MD5
8e560e240bb79e453167f70409226619

SHA1
bde183d2191d42797a300f0c4cd83e1db278c928

SHA256
61c4a4b5c309128ba86a5345db04798be0680905543c6986f7b3cc4b1ba72729

SHA512
5564555eb203fe86e9630dc223e4012c7e3501d68554b6b7138a3c6064d39b868e7e2e0e8b994169e918e9c6f67066440b89c7ab10f48731a84fab84c2e7ff82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\el.pak

Filesize
223KB

MD5
b3724a4dcb17bd341da403acfdff0bf5

SHA1
05fc9eb29381f1befbafb937c564a87205779264

SHA256
0adb6e5173572ab4a3df5671cf053196f158294bc1e07275a7e6fb6d8da81b06

SHA512
3ccd57eb43840573bbd7e6d8b24028213acf58040b2795a975ca4750e4a9500d8af74bebac1b47f2d9b87204c68707d53b0d927c0aeac1fa1bfdb1c899e66f37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\en-GB.pak

Filesize
102KB

MD5
05f7b55019ba0a9da84073cec0a954c3

SHA1
b46462fa8c614161ec42fa791e4ce3163c92ea8c

SHA256
a690e642a6b781efc3da2e8c83e554d6e8b9ae6ac34f6f0a4f327dd9ea7cb7f1

SHA512
30e93503db60b8c7a8dc902efa960583316cb83337eca102f0bdafc47d3b59ad5ea1eb99b5b9deb0ff66345d551485963e4c61ce555298880aafcd298057fd34

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\en-US.pak

Filesize
103KB

MD5
b58cb46758c6bc8fe4385ec2ce4e50b7

SHA1
34026e96e02220cea46a31c2319f695ca2e0a914

SHA256
e34c459684971971765943e8b5b2d1751b329a9502f0fd6649679823f725b8c3

SHA512
702384f9d6d77da08fc8c49a5f65957c56e363e1ad37f9d0611092d248db1f79636a6cf336e55669e002194f589f584b5663b4d77e54fa95e18f84eb4864d7f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\es-419.pak

Filesize
124KB

MD5
f9958dd6ce0ce1acea070bbf317b1160

SHA1
0dbc4020e505a053cdbe6a0a9506829498a8a25c

SHA256
ea868929f537d48e846f86020762c59c77a0ec67765c3af22e08fcc853f94c2e

SHA512
35a6e5fdff6b4e3a076eea70b7c551f1d303b4db4e63aabbbde54b4fefe40d750a03440bed7851f12750661ff8b87c5ce3382b0c71d0e171f729a7a82f968cf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\es.pak

Filesize
126KB

MD5
09e0feb85585bb4a220a3ab3f21adb9b

SHA1
e564afb37d5f5305585ad1081a26b34ebee73ccf

SHA256
cf7ea140dceac78042e0d35da45a4fe732eb04e1d2b138bee4cc2dc5e7e9a0fa

SHA512
8317bd2b4f509edabac1a74ec32bcfd54b14598799537d90178ec349cd71fe967d5c677403c85e305a6f2e94722c20a83e65c0bdb29a6265c5355683856f4ade

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\et.pak

Filesize
113KB

MD5
3ca246cd997a68bb4a6daa8b3b81908d

SHA1
842bf5f6bdd29ccccb24ea412497acdb37a5f805

SHA256
25c1e1306160779466d8c039ea296db65d12dcf21d2ad794a36ab62b1a7901fe

SHA512
32135a0c29bf666833292b557634d4510c185f711d7ad8625e981811ea082dca0d1714f481c9c8ce8b3acefd18469093d48fc05bc0160ffb87d1e2b90f4cba1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\fa.pak

Filesize
179KB

MD5
46412682e8d0743714fc28a520aeb35d

SHA1
dc6bd723efd460a56d205bc199e3be4c98698ba4

SHA256
9861d5260b98b384603ef02e97dac0295fd255e550b57fd427bbef24b1cd7b17

SHA512
c77c5344c6a7af4035f865aa7e3a3aaab39b11c4a3bdd94aa99f15dbc6ec7cf4b6057ff48fd55e2ff41041728fecf80dcd488578dc1db249ab1b7598fa438f14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\fi.pak

Filesize
115KB

MD5
a3b5292c5e2e981dc4ce9504f638a542

SHA1
6cf480f3d7cb5df71bdd4089a1821f2eb2dacecc

SHA256
f4f2438a3810ccda4740442cdd964e43883cdeb820715cbd7be03cfa6b1e55ed

SHA512
6ed819896e2aa72d73bd2af731f7f714119fbe7d1fce5909d1a9d9ecb99c6369505e6d33f1f9ebadcb0da608f9aec365bc6cb5f6e22373d577cced7e317772c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\fil.pak

Filesize
129KB

MD5
7c3df3c13393e1b24e4e96f2b9082a6a

SHA1
caae1c99b589e14184e9f2c89f698a2558f4ec3c

SHA256
27196aee4a6248bee44ea2b5a3de90ccc2cd53f8ce1beeb796aa4d7e25bd43ae

SHA512
2d85d37d9560cd6ff460e32c3c569851ae28d794b5319ce74c010cad527c4004e54c993d5440bd22d6e51d86c4c4683f8db03c38abca4839a10e2efe46ae35e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\fr.pak

Filesize
135KB

MD5
a17cca5f1db7cedccda9c5a7784bebd0

SHA1
c5e0a0d24a14a535406886c00ad10d20638341b4

SHA256
e8da96855f7238a6ee3162b08d46e5ab84d98179dabf535060ef5fccdb36bc79

SHA512
0bb2217e44f1c8cd9e4cc2127454e1fd137c6fa101914bd230b9089d6317f599c9dfdddafe3d5cbc0fdc036e7b4f6e5cb528bddc572b5e26c8e0322f1a7d0b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\gu.pak

Filesize
252KB

MD5
10c1dc999bc7ab62e1f26b0497afa7bb

SHA1
68da1055b8acdf016b152a2f401322d3d76885b5

SHA256
b9690f3c550deb0827e409015abf3bcaab01c9acd33e96932e85ac84ff4c7831

SHA512
c10a956fdfab446b74f1dd2a169201f0b7ddc4ff1d7a635b9c81f07942ea0d34ea327e2e7f07e3a672ac85c8b8ce7a0e871d02946da4fb5e8e75713e56cbce61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\he.pak

Filesize
155KB

MD5
5db44f8dc63c819b0ae2a5458e36447f

SHA1
6b440ad4bdef6acd31ca8be5d085db26a49a209b

SHA256
bee5f133cc85f8ca280f9f41df6790aa65161fe8dac8dea7e26fc609240e84a1

SHA512
cd0d104597c5c926480443b5d1a16526ec0e48c3d6dca6233ec7cfa63f01f2f5674d9ac9a86a45b789a94fcb3b63aeaf92351bac2f4920a25dd8d4fcd1edce19

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\hi.pak

Filesize
260KB

MD5
815dfb3eeb9a69919ecf2562b6d4ad34

SHA1
2d0fb4c2a19b7a991974783b51b13c7b3610b686

SHA256
a480e95a5cf338a90f7d077e4147f45696db9ad6e8cae1765ccc5ef05fb48505

SHA512
0e6c8374ed7f6f3b523c2dd5455b598ab0650da8ce3a8243a1a42c6327db9a694947a508a90edf95685c84120cc73964a16c7ec49835ea398dcc6186d08ef1b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\hr.pak

Filesize
123KB

MD5
ebdf0ad52e9a0f8c8735614775ff5a94

SHA1
787feb9f703daa094814464b090aa5d36725e007

SHA256
b9c21e5187e8649157f5e49e014b8c285866ec839638344a31234b60a17e7d47

SHA512
e2853884687393fa2b0f8e4b27af5664c223fd5bb2862e5ef788f912771eb9d61e7ca1fc39f29ab679f49986b5a95b9da44727c69c99dfd3bb8ea2f4e974ada3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\hu.pak

Filesize
134KB

MD5
4b5fea4bd49738337ab10bb3f1e6bda4

SHA1
0f27220019e099b658a9c563995dc2b022fb1d68

SHA256
e526c9c9a8c4d27c432d3cc30766fbdec6c536b696a7ccb7e9376f0e55147b90

SHA512
4e271f8ca0028ff5b8a86e8610174739d2d2b7a267381562bbac3543d03f6895b3361c2f6fcfbcaea6f5aad1690e878ae0de5c905de12b213c2c5c396caafa66

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\id.pak

Filesize
111KB

MD5
39378b548f712608903ee8aa25db212d

SHA1
7f5a3466a4c8609c6bab7ed3dbc9fed52cfe1e62

SHA256
426a302448ec17e313724b38bda9ad4d5c031da48a1ed3690b547b51a06229a2

SHA512
7d2d823445316f5a63df286af2f1e28b90b8e3a04aabc835020b17f690d95f7ba2d0261876495345876cf826fc57dd0a9577e79af7e609adb8c71b8b4ff03550

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\it.pak

Filesize
124KB

MD5
5b03bfc915b62aceb06b9c670fb77e33

SHA1
9c88ef98dea5a7d7be8571354ad3c033033a40b8

SHA256
1f9a38c852c05577aba397c388b35037eec6b9d90593800b5b57bac437b42684

SHA512
b22c4db0b56c136e9263a15bb2a31a9213ac20321b189cb0572bd1f0b0b9989a7e698d94750d9c5d01557f4b247abf9a8cff1940bab03fdb737a8276d96ed1d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\ja.pak

Filesize
148KB

MD5
640bb80728453be0104566caeeb8eb82

SHA1
362b46036c58421f4b0f9b2f714b21e244aeee44

SHA256
1bfb337c19c9d04bc53df2d2eca6b73c11df33b6fd07a6a3fce5427ef0f38cd4

SHA512
1bd764ec56166ac59fd2acb1ac81140bab2ba7f326c0bbdc9cd30ff6246fcdd98e49310b0528fb0d8a9256ac06ca3e145a3906a1815dbe395d989443650f81b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\kn.pak

Filesize
286KB

MD5
5a599f47d2e2ff1aaf4c8ccf8bafd10c

SHA1
32aa52f2e90348725eb619187272e9c5a7396bd9

SHA256
e55425a4ab6425f60a9389e5c19dcd5bf437816ae09a21cd53750819040143d2

SHA512
7ecb69b70d5782e22ef9047fbfa29c0778e894c5cd987d33d65e68616ba2a42a133abe16f2af70aee4fdcb34c7e8e3d3bc3c556c754a010132610628516ad456

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\ko.pak

Filesize
124KB

MD5
e2a95b73f9081efce223a180b7791c16

SHA1
addd6ac05707597b917ff9f7c3f7524be26df7ca

SHA256
afac9566a4e1fdb2be75faee46bf9182f81b85373d60cb583f1051b12d9719e9

SHA512
70eb91347c21f0e648e9fcf82ffbef5e3eeb6c0268f85fddc7ad4eaea2e22eadeab653476196240a75361505f40b0bdf8602b0f414faaa77354f0fe76ba4e09c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\lt.pak

Filesize
135KB

MD5
720c1b3c95e8613f2cd9e40f3d160ed6

SHA1
1ea62b51f1a2c80b92e3348de260032427a9c79f

SHA256
51027bfd566fa26cd561f9bbfd2b4a6d2e41e0ddd786b7338cecc43423b3e6d5

SHA512
32ad5243df09d642e058550d2ec58a8a8de00cc442da551c195958a95af7c82c4d2b63b27d474a065b0ced5680d3e005b2a36301d02fca09413e165089f47822

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\lv.pak

Filesize
134KB

MD5
fe9ff0063f35ba05d27cba720e2e69d5

SHA1
16a87c24f027eda9865df7090ac8023c7ae5b57b

SHA256
43bf3b7181b607d8769da6c2cf671e2a429439aee253dd774ab5bf5aa5fedde0

SHA512
794b1b87ca400798574be56cf8da9adef78f1f9f91dd42fb23e6355caf0455f8d982f2b3d9bc252673704375eb4ccf32d58ed1cbbadf8780590e5777ef41c035

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\ml.pak

Filesize
302KB

MD5
a66617706e80fd5ff8ab6ba8dadafef8

SHA1
3718d0afa1bff72ad7164e41cb46981811583422

SHA256
51b2c600046abfa5774b85665d4c882daa3c90bad5559185f9335ff61f04fede

SHA512
4de6fabef9db34791d0d165b5064e68ffa19630482219e4c72e6dc0f9e9e56b1941297862bb2e267cc02c3d3327193a233f642b11cf74e1892270721a2d7dc74

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\mr.pak

Filesize
248KB

MD5
da44d4ade4c258629118dbf534f0c2cb

SHA1
d93756c9d2d2db7755b4b7d47042a451435cca7d

SHA256
fcf1d938863cbc4d4a1d62de0eacbfd17fee4a0f5a9fcc09627bc22a98e268c4

SHA512
827c291ccfea31799e2fd48ee35aa179006a7bb3420c0346b5f1291abb4560f84b952a2bae820ef129ad77719edb16873328e7f0d030f9e2970e0c620fe59328

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\ms.pak

Filesize
115KB

MD5
63c4977a1e8f5ab37881705d084b47ca

SHA1
f716932d886b8a5441397dd6a8625cef88e85bcb

SHA256
8b18fef24ad28663e4dc5a5113a35111a78b848d70ea7fef4156ad75bdb4fea9

SHA512
3afd4f8db5a0880319b13009bcdc14892b8710b2ac91dea8641f1f632866ac564791f1d302e1208aeeb9977e613fefd6bc7c0a0fd5cb5d031a768362bc0d85ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\nb.pak

Filesize
114KB

MD5
23d5480b833f65f1f55cc3bbfbdf53c0

SHA1
639eff4556e4d6c879abf305176f23c014927042

SHA256
7ce821732e743c2da1f81527355226df11a21eec137940a034afeb34618c5daa

SHA512
b46b25a4dc294dab0f34e5ec733dfe7e1c73c6ce2817640a620e9a0c196292a7a4737f0f10806efba4d5831d5a2f0833925083983927b0d74cbc5c46e9c8b953

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\nl.pak

Filesize
118KB

MD5
6e404adeb945cb7952a8c4129e098759

SHA1
a870715beab03f3a53c74b5aac2f314b517184b3

SHA256
7531e450f725f7ac75ceaeceb09155786d367a4456f4e71e7523af9219748434

SHA512
30917740d923ca25fb9f3c32bca100d58388f5c6d3516a29f3a39d1ca8ab3e4058b271224c8b9554479d91718cca3dc1c9cb08b38b19ccc36a0d57ed0146ab70

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\pl.pak

Filesize
129KB

MD5
def25f809c246d15d8a2f41a78b504c9

SHA1
4462b50e5613b1519987584d974fa0efd1812ced

SHA256
165005f81f071a315d0c4183fb3bc899e464c4cbf2dc450ffa09ae6bb5d517d2

SHA512
e6f17d5426ba98348209a51632db0cfe19287baf3752948bd76acb77b7eca51aae905adf7c316b17cc44856231d034f044cc056b0e0f1ce3b4999dea29597cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\pt-BR.pak

Filesize
123KB

MD5
7b7bf21b01ccfb27af8cd37d738f1106

SHA1
da1db09ee88c005610ed08dcde1b2cd73bcebd84

SHA256
1feb01da1f443fee8ff01c3b585d8f0ebe6a5e242483cf6f0f93088e76913e76

SHA512
ea0bf1357616fd33b41c7189eafd2948324bbfdedb043974dcd0f78693fe868a4d37ee2c0e979d9795cad63cbe70fba0794641beece737886cf92bc29622e464

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\pt-PT.pak

Filesize
123KB

MD5
b7598cb8f05f465909ddb0045d60162e

SHA1
b794c944dd5287e550a3e46bc9a0584d3d753eb1

SHA256
c338f6de946cca52c457d236037cf1c9f13b6c73796b713f390524f321b401d6

SHA512
a53e9d6af760c4aebd418de134ba23ebc27076b02082e9eb1afb1bb7ec93a45ea22a4961c49023d7ca8b2d3aa99462ec35180797982a481ae823ac19b4b96f84

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\ro.pak

Filesize
126KB

MD5
1ab0cbe10cb7c3d5beadc7b04a881885

SHA1
eca1fe3842b4a1b070a0f9ba1a27fd3e6284ba80

SHA256
9a80b326b712debc0d6e9639b45352fed1c4a49ec37490b49b8506c636fd2947

SHA512
581e42422db7ead773990036ce49a5d2589f3af610604582a4820dcee1c37d2923fbace738a42cb8b87407915e1693bbca6a2234a0716c7c8d875ca30915289b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\ru.pak

Filesize
201KB

MD5
d269143626296c69906523810139e9af

SHA1
43abe13a4837892644774bf06eb89cafec49ac95

SHA256
b1bd2d1cc678784ab73a691d4a3dc876be78eee0a30661ac2666a9b8ab864ecf

SHA512
76b0cc1841dba7d4b4175b0c10d6c36c7f3e8ea4ad0b4e4c091391e2754913cb6c02f0285b73372d604a395b23995998090a0c68b607b4106226b7ac67ceff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\sk.pak

Filesize
131KB

MD5
3ee3730ba0f6894f2651e4e1be37a214

SHA1
3a3adb77fcb6d0514a221e6671d815a1cb7a2c35

SHA256
23c8d9722e0a2e22fbc8ae1bebb9cff456fe026c986a211565fa9398376e64af

SHA512
000928407693007645230ab593a6055e6005e6c2cb362057ce8a1915ad96030a03b134ee20e3197daac9920c69df188867d3c5a603a3e36c2eccb0bdcd549206

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\sl.pak

Filesize
124KB

MD5
c20064c5c0dae644ce4ccc0a2234c128

SHA1
a50411c1431ae1f4fac74a34f1716809a0623380

SHA256
576891a9a61b9cd50024e507e93d32476332977db8e29ef3d46427015d4d26e6

SHA512
04f979cfc813c6b1d3a5d9b3b306c415529a1fb72e415e2742ee25ccebf04bbe3abca91bd66aa3633a97a1383f3c4b915319b8d0b25c0ef6eb8c2e08312dc01e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\sr.pak

Filesize
190KB

MD5
0cf9aea120b76672d2b5e30e928459c5

SHA1
0219aaa5d84847fe86762baa82b7b8b301239c9d

SHA256
b6aeb180462d8f312762a419b45c910929e2322d45bbf2b84b0871ccf7838945

SHA512
e79a0800571ab7b64602db4941b689231edb20d65a89272b7dcae53426b7811791df8f6ef174c83680a6adf931efc3d47f133b971254c139e8b04953b8a10979

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\sv.pak

Filesize
114KB

MD5
007d56b78104f7e245f7c84f07949f25

SHA1
8e3104a8c26f8418f44e19640d9babcd68a640c1

SHA256
e6c9329d7184190a0282f6440dcad5531f9656514a37b7dcb5a510ef17f3793c

SHA512
30c492d48aff33af8a0290cbe29864ff5c7d46dc50f5c4c6d5c96e6aa273926840b28b78958070e1534038e66c0142ab65153d32d28b56fb5dca28844370a946

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\sw.pak

Filesize
118KB

MD5
89c5dce32ff87d5fb2b8e815f7e4cbab

SHA1
ca3138ea6103a5ba39e35c53e980b44c9889d386

SHA256
ca8d57f632880f7b736ef7f8c5f35ddc867e50919b1f7d835bae76f823ebed13

SHA512
9e3ded0e33f9441f31e95317ac6a7a140ee5c63bea8b1bf8c03952804fb6783e61e7971d5cbe1c698d3c4067233b78bf37099054fcfe38b091829f5435e6d435

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\ta.pak

Filesize
300KB

MD5
3dcd0523ccad674f2e93de57ad0082fe

SHA1
fd4a28ee288a1f33ee7260ae80df93aae9718039

SHA256
72ef4527f01018c90c583e48f37d20bfa684012bc00cb9ab5ffa3e222b9c7f3a

SHA512
2ec95b89051b019e98e6a1852e5e89e1c985a10998af1cb2603e5766698a2880355d8e6b959e60e9edb84354e99d0286708027c39a8add816c172ad1efe35b49

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\te.pak

Filesize
279KB

MD5
1eccb7be373fc3144ada2df9e493cc07

SHA1
eef3e05afdf910671a046cf90291c17731bdb378

SHA256
bd0a936ab62ab6ab172a192b7c082b824706f6b3d88580a6b6be32809354fc2a

SHA512
ea30d14fb7c2ad54263e12eb8469e6b058afb30448900b55d944aa87e266d735f2a04d2f29303087f2d13f379483d681285182e6ad2bb25bf36e311828e2a08f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\th.pak

Filesize
235KB

MD5
1a66feba0d44231b935d83a7f36a09a0

SHA1
3e674234b10350ebec218c904a9c90f3edd29711

SHA256
11fd04f3b33d09041d646d34e61fa15b96c12dbc62e229b64306356de6155cac

SHA512
b7617094a6d27670c0720dc5dade4a866ecdd68c45c1b9e6dfe1c3074dd1957bd7459210d111ef33727122666b24c2449cce9f3e903aae59dcbe438b38c8a021

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\tr.pak

Filesize
121KB

MD5
2bcae092530d06fba9b23492ac4a1d6a

SHA1
4114af7364210a4bcd10099911083de2abc25d40

SHA256
65105386d6b52445fdc7660648259b43a04849a05035d749858d9f64d4209836

SHA512
e87778246b98d87f2f29e2abb02290b829cdcb753fd9b184fec61b0523452e262527432b73a11eba86d547ffce2ce00b4180ae8367419e2174b825ed290345b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\uk.pak

Filesize
204KB

MD5
ba2462d8b3b975bb265bcce6a3410cf6

SHA1
3caba82b3e14350a33711db68d98e6d211ac9fe5

SHA256
1dc63c538f6b96cf4e70284c078a6e18f58f599db2a2ec594da23b244944c9cc

SHA512
a46441e2c97032928dfc19b178cd3261887b7076917a4fe829083151c8298703c3921001cd62c630b35504444f069973605b487c954623ce16682491fccb7d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\vi.pak

Filesize
144KB

MD5
806b7d282e74565b95264ebbe6794d48

SHA1
3aabe2d802283fb9b3ef43932c1b7638ef6a1053

SHA256
7b4bf97b78a07422359b709ea17d1d6aa038e12ec420cd0fc7dce4b313fe4af7

SHA512
7380b7a2b239932d1167f194f81a1c867983fe318a1e48d246470de0c94837edd6c0a641e06f888e36ff5041fc2a69d19cf1a46bef816d07fd3ecda42b84e524

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\zh-CN.pak

Filesize
105KB

MD5
c82a124cc6e87ad403a67007b9c1fdb0

SHA1
1d4f1c0a3cda7d4a75a0f4035bc6d2718102f09c

SHA256
f597245963ca7b42b2a7e5e80af5258972002fd4bcd3a21c875e4051df3eb1a9

SHA512
5e45df31658039144316299879b4f1de7eb157fb830d08e8d93d3ccc2e033b1f8e2f59d29e11785ac8346988d5ba2afc373c01bc4a58ba3cc4439d9aff1ada87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\locales\zh-TW.pak

Filesize
104KB

MD5
ad19e8ac7f2b5e5f67b9f5671299d19e

SHA1
4a6936a4971c2b9a414f40de3eb5dafe1b5b3e52

SHA256
e30d22153e0860246c8c37855a385471ad1e74e1eadf56476a1ea980f9204d86

SHA512
4f283deaad6ef0327baf7cdfef063293d27c1746431261553a6c7925832fe77c8017c6d11f36c5ec657ecd3b563099c9e35bd2cbe52c12ee734f4bef9bffe077

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\resources.pak

Filesize
4.8MB

MD5
2db0729cb0a452b13400e0ad97a46a8e

SHA1
2aaaa7e0e932e7b46958214cce81d60099cfc2a0

SHA256
af41c2d4484ee3b86b63bde75f150bf67f78a6257d91b397b6b15d47b041e177

SHA512
967bcac22315ecbe76c5a1cec4439523a92710791ea6112aedeb2d294419714e7aab5526f868898c6c2cb83886dc98c694dddd314766c2ae373f55f3529a65fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\resources\app.asar

Filesize
9.6MB

MD5
1db94b9a25c01cab47298742e8a49c95

SHA1
dd88db63b7be72c155ca1626040f509e4469bb21

SHA256
79257cf2d9f8cea53a53a46a034c718a983cb73c65b910003f4e5ff5717644bd

SHA512
8a1b98f750408a1fa00ba7cb832ffbd8e8e9d36170c9c655128ad444f4a49a10168c892149f874ecf5a9a6ea5ba0184cdc72d6accd96d75bc28c949bfa13075c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

Filesize
350B

MD5
8951565428aa6644f1505edb592ab38f

SHA1
9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2

SHA256
8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83

SHA512
7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Filesize
3KB

MD5
d226502c9bf2ae0a7f029bd7930be88e

SHA1
6be773fb30c7693b338f7c911b253e4f430c2f9b

SHA256
77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f

SHA512
93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

Filesize
13KB

MD5
da0f40d84d72ae3e9324ad9a040a2e58

SHA1
4ca7f6f90fb67dce8470b67010aa19aa0fd6253f

SHA256
818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b

SHA512
30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\snapshot_blob.bin

Filesize
342KB

MD5
19f1e25cc7c427dbfb519ce6dc2c7e64

SHA1
5578aa048412482650bb51b04ccbf038155f5c8b

SHA256
b6531c8ff3a288d00e4625cfc5019ccdac9cb8a53e723792616aace3b27f90c3

SHA512
ef07c82a8a3f36bc8492d0c0a964ee57c3bae3188c7c67eb555b9d117739b5a09e44183dbf9f2cf17ac386d7d777b62b534b2f55edec977c75ec3d6b5b535620

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\swiftshader\libEGL.dll

Filesize
450KB

MD5
2ffc36c5555a36a4f26c1aa7a8108b4a

SHA1
2ec38b17a0e9d5b0a4c397921aa4430607d32edc

SHA256
f8b8b96cc384171268cbd543d9486a97b2f2066d45ac118421ff974baf18d2e5

SHA512
0df87d336e223ade77eecaee88d8af2832f1cec3b5681699646e0be933b3f0acdb3765492e9d8fd713453dea2a7fd38d46c201c96313a06a484f23a78a716cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\swiftshader\libGLESv2.dll

Filesize
3.0MB

MD5
41d3387761bbb79d4820e8d242561027

SHA1
27dfda8ce933af12578fb64f3171f40f56bace55

SHA256
ed005ae1d388e0256e9ae304933980897ec2cfa957ed5babab6ae2a5dcf5c5f5

SHA512
cc396d0c2a94c31b8a42697f456f74e8ede1ad1fbc7eb1e4983544166041ff878048f60af9b1525320770ee477c63d6c466746c2c33fd30bc2d7ec903f8af944

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\vk_swiftshader.dll

Filesize
4.4MB

MD5
37bba2c66e2364a5b3e6666864f3b604

SHA1
f2ecffd48760482ba055aa50cd78c5ac02d09ba2

SHA256
23e6927733549be11d506b862cc7148b7b08b50b4387837db522ec9380babc46

SHA512
6e7835fce0e988c997049796125b4f2ef83cb9c2e326edeb54d4bad77fa31bf4b4227aeb1db445d3ee21e6cb959d65310a1bbda2d14e567d4123cf6544a947ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\7z-out\vulkan-1.dll

Filesize
819KB

MD5
ad4a5dcf631afd553b4fed8a269c7897

SHA1
f1bded0b28ee8aed4a52a6d19d871eba4828e0f2

SHA256
3141825bfa3a8cecf8b59767e8b6ac41c20685932d6000b9c6cd0e40ddca12db

SHA512
8e01379201f2a907cff7f32dfbac6b1eb8ee014312755884b35e4065477d8a8069e3188086d7cced11d437b461211bca6abb6e582e98473883cf35faad41eae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7020.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

Filesize
12KB

MD5
513d3b0cca07a4b9a006556090544e57

SHA1
825e05211ff5e253a8e5b8ba5c66af1946464f23

SHA256
a9596e71f24e0c3f420f12e87bbec856797b3866bba3a897970b20c22a1e2efd

SHA512
8ca9d54eec30e22c0fbb01b91081f7a65917e369f40f30f4b0ca687b7780820a2bc9c6f4972b936ba82a488b0a95be5885ae45b2fbf7fcad7897a2dc9c104576

Download Submit
C:\Users\Admin\AppData\Roaming\EpsilonFruit\Network\Network Persistent State

Filesize
393B

MD5
f4a6efc6460607e88b6a538255926475

SHA1
0dbbcf37082133280a5f7e822afc1cf9465b3188

SHA256
9b9871ba8eb29d68bd041f81678f04278316c5fd772b30a4fad757ad34c2eabd

SHA512
06de17f881dbb63292995511c7644fb7a0b6a17d283af933380020e412b4a1f1de54b381da011f7711cbae5e458e0114970d3a303fba41ea62026b4b61a93e93

Download Submit
C:\Users\Admin\AppData\Roaming\EpsilonFruit\Network\Network Persistent State~RFe58c435.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC1361840983144B9F8075E98C19C290AC.TMP

Filesize
1KB

MD5
a6f2d21624678f54a2abed46e9f3ab17

SHA1
a2a6f07684c79719007d434cbd1cd2164565734a

SHA256
ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344

SHA512
0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

Download Submit
memory/968-843-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/968-784-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/1292-744-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/1292-741-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/1444-850-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/1444-895-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/1544-795-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/1544-798-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/1884-794-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/1884-726-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/2008-880-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/2376-780-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/2376-718-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/2376-713-0x0000000000AF0000-0x0000000000AFA000-memory.dmp

Filesize
40KB

Download
memory/2584-919-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/2584-872-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/2684-770-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/2684-767-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/2844-833-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/2844-881-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/2928-918-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/2992-807-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/2992-810-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3284-890-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3284-847-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3384-790-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3384-888-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3384-787-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3412-731-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3412-728-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3556-860-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3556-857-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3584-902-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3588-865-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3588-862-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3780-763-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3780-760-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3792-1859-0x000001DB36680000-0x000001DB36681000-memory.dmp

Filesize
4KB

Download
memory/3792-1874-0x000001DB36680000-0x000001DB36681000-memory.dmp

Filesize
4KB

Download
memory/3792-1873-0x000001DB36680000-0x000001DB36681000-memory.dmp

Filesize
4KB

Download
memory/3792-1871-0x000001DB36680000-0x000001DB36681000-memory.dmp

Filesize
4KB

Download
memory/3792-1869-0x000001DB36680000-0x000001DB36681000-memory.dmp

Filesize
4KB

Download
memory/3792-1860-0x000001DB36680000-0x000001DB36681000-memory.dmp

Filesize
4KB

Download
memory/3792-1861-0x000001DB36680000-0x000001DB36681000-memory.dmp

Filesize
4KB

Download
memory/3792-1872-0x000001DB36680000-0x000001DB36681000-memory.dmp

Filesize
4KB

Download
memory/3792-1875-0x000001DB36680000-0x000001DB36681000-memory.dmp

Filesize
4KB

Download
memory/3792-1865-0x000001DB36680000-0x000001DB36681000-memory.dmp

Filesize
4KB

Download
memory/3880-909-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/3880-906-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4068-885-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4072-899-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4200-840-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4200-837-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4320-870-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4320-869-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4452-923-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4456-911-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4456-824-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4456-827-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4472-753-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4472-756-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4516-806-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4516-735-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4564-774-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4564-841-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4728-821-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4728-816-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4756-804-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4756-801-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4916-852-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4916-855-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4956-829-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4956-876-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/4992-894-0x00007FFCD72C0000-0x00007FFCD7D81000-memory.dmp

Filesize
10.8MB

Download
memory/5060-572-0x00007FFCF7780000-0x00007FFCF7781000-memory.dmp

Filesize
4KB

Download