Malware Analysis Report

2024-11-30 02:51

Sample ID 240418-hyqk6sff4z
Target 0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe
SHA256 0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149
Tags
epsilon evasion persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149

Threat Level: Known bad

The file 0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe was found to be: Known bad.

Malicious Activity Summary

epsilon evasion persistence spyware stealer

Epsilon Stealer

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Enumerates VirtualBox registry keys

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry

Checks computer location settings

Reads user/profile data of web browsers

Identifies Wine through registry keys

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Looks up external IP address via web service

Checks for VirtualBox DLLs, possible anti-VM trick

Enumerates physical storage devices

Program crash

Unsigned PE

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Detects videocard installed

Suspicious behavior: CmdExeWriteProcessMemorySpam

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Kills process with taskkill

Enumerates processes with tasklist

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-18 07:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win7-20240220-en

Max time kernel

118s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2924 wrote to memory of 2984 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2924 wrote to memory of 2984 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2924 wrote to memory of 2984 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2924 -s 88

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:13

Platform

win10v2004-20240412-en

Max time kernel

149s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 972 wrote to memory of 3492 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 972 wrote to memory of 3492 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 972 wrote to memory of 3492 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3492 -ip 3492

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:18

Platform

win7-20240221-en

Max time kernel

121s

Max time network

136s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win7-20240319-en

Max time kernel

119s

Max time network

138s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win7-20240221-en

Max time kernel

119s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e00000000020000000000106600000001000020000000fe7e9d6113ff16e98cb018eab4db59c2d8a4e20e75eebc4a2e4f7005d292d655000000000e80000000020000200000004b6856cfee847bddb5182df654cb2b113007cd2e061955cd187ca130630d4187200000004599e683765231b1820aa54e87e46f1b01253ed8ab495465806dad6bfe99be1840000000b5a0b8ddd17654af8a17d1c1fd8c6f6fbbe6d8670b8c1838d35d7afdc004f3792cca3620910d7c804726f36920f8666547ad558ecb491cf6f1dc0ad3fd8d99a4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e00000000020000000000106600000001000020000000163887c4a2fb038498f9ce18a2c699a6485df16b5eedd9d161ff2a901121f706000000000e80000000020000200000006b789a5aed1eebec6409b8612d7d90b36000738424a41c77b43d55ddeed3e8b290000000e6673e2292e1bbc797715db81ba17e2ead5d76b865b40dc4c4dd5eec325bb15aa05e7d038f68fefe8633fd8a5f7e7409b4c9fe4626ff39a1fc1d34268466f1dc2c8110e0521d19dac3d3f6bae88eba6485d20b06b2578ff893e94fec7b5acd0658e0caf9c2c4d0282972431785e159266771212c147a74a051becaf40f1ec15242f3a76cfd9a60e751debcebe1a962f440000000a7b54d4ec0e42c0155851ad55b2eb275e00efff04bef8a229928d5f7c0cb3b96dbca908d4f9fd65bd9cb32c42082b716a817c3843bbfb5e1308424e5ecf8b447 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0d28bb95f91da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419586163" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E35E6D11-FD52-11EE-BFAA-5267BFD3BAD1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1668 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabAD03.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarB333.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec8ba7131ffab2a27568538a220bc1c3
SHA1 f6a1252046794d000877fabb3559d066eef56119
SHA256 6b1c4d791f56f0b12091d36b73b73dacda06113e1d805b8ec1ee2e8b51b2639b
SHA512 50bb61c77a9c6dec2b7dbb8d66ebf7fcee2eb767e41e65d9015b09d65efc765a87200813460e2a62737f8b0bf7399f6556b7bd1d80f8081a0e6e889c18ed017a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 141a8bfe0df8ace695e60529b9f72f67
SHA1 6cdd80f521c0c6d4ae7f43dac6e82a0f7ed1159a
SHA256 d62c74ab5a27f25c487bfed32f81d215ac1db624ebb2f7dadc26dcc874025e10
SHA512 9233576990324d1fdd2a927392956b63fb4b5c90fce7b134ec7b0e2e970a53935115e844b3fc9116ea94eefae2cf443070bc28b117a8a6cba35a555571b565ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02377011da3a569b1edc7a73268a96db
SHA1 254aab491a61e84eaed4950250161e472a8d5fcf
SHA256 2317317c5718295b1eceb82d6a98d94a210bf831cbb8eeb4853742e37685acfb
SHA512 154e54a3ea05188cd885c658fcddec446af37ca4d719d7b565cc300f5ba7716f62fddf6dc7a9602ffc29b8b433b638bfbb02b6b9ff6d90eec27049b466e81293

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a763f645cceabec760cf18eaa200ec22
SHA1 69c1700cbe7f55adbdd83c198c85a474f0db7592
SHA256 a9d03e8f16ec3cdc0a65029a3864c7b9112230265cd345e7564469090caf9840
SHA512 0315f4bad62c2243f2699288e032c410496d29628d30ef8302a8a75070282318184fd5b0b47e133beaa621e5053f07139e3b8b6a8e2de07c4fc95340a3bdcf26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66c7b886d3b1d517562100f18b9ba597
SHA1 272cf5e07b66603d55c7d3eac181846285e5e4bd
SHA256 dc73ff8041b1b4a2a79072796e1531b02948297338ebb8949a26e5ffb5aa03f4
SHA512 896ef04b6e6e5353ff8b94bed59f6c31f1932fe8f198e248baa7af34d4a13b7d81a5bf87a80937d3e0e2a5e11b2c3425e0eac0d2f2647bd71134fb7c0aace131

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db3af982c1676f8f34ae5a04edf7a35c
SHA1 43d9d2594c11c825e66b861fda6db4da759e8a9d
SHA256 78dd60b334091aa12647eb05c966bc0164aa46bf6949be38e5c90aad8c855c81
SHA512 6e7c52346dc9dd072eee706c448a1d5356d11112807fe348e3d4ab9aad0163a4cd72c211e95f27b5e59f89452750d8bbd4833632d5c89a4f4a0d7e45c6c5b6f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15d23c4f47e147083cc23c092e059b1b
SHA1 8b3adc54764214af4d0ca59e9a9e2a920c57e510
SHA256 92899c6ea405835a074fb34fe9f9bbc4e59f825223823f308d2ac3ade2234685
SHA512 30fa831180f05aff428bae9053cf8140b44615318b884406f84d5ddbd6d4ae0fb69b12f59da5e51ae4b9a3797a0e68d1d0c64ced6f9080d60a7130f5bad22dd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07761de644b5ee8e0402abf92af7e1a1
SHA1 3cead653ce125b0a6de296d44b427835d04c11b6
SHA256 4350485f2d47ff8dd6e63e28a2d47c9922a52e914226f378d53292ee92d57858
SHA512 0ba00d955a1fb39c1beacfa31e100547aff8b3cae07f741897515cd7e02fdba284e3c8487ebb10fead7a24505f2c397b600cb53585c6ce9bdc2b4a12f5791515

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76dad8dab175d13f6f3f3fc74bc69f3c
SHA1 98e5e1b1bfceeea5d45274ad039a5c29cf07e2b7
SHA256 9c8aa164a23638067d234e14647f2b4d914187c8d5d322b3f63fb480524259d9
SHA512 30fb4dd19e906e4e0ee22b5f0059177102560b8779dde66c5dae8444348fdd6e3b42d312e90fbf810f1111022ff212a4f6ae977583ca567b12788ef71b1b25cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49ab018daa8948c7b716304dee9187ee
SHA1 cdc843926fa4324862c3abfa006c9baa287ad025
SHA256 cf40fa744cb5179f2e8f2bb8d3a2561e019ac2586906f849faea5a1bdbe1f79f
SHA512 9e50986e329e2581626f0dcc5a5e430838fd9bd76ab9ff158ea7f9e9231a4f78ec59f7912d45633b2645506406ac3407215ac7e1ceaa6d650571196d7b61b77c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1fb9badb5c7eef3c52065ba0299dacd
SHA1 4dbc01083c9ab389944fb0bfe71f06b4d43a4f4a
SHA256 5f8e00659be13bde20c191cdbc14c0c759f21c55702bb1fab9ce8916eac9b913
SHA512 37eddc92e525fb7502892955d1818e08fd9cb42b289c178d3ddda9cc0f68278b388312a0f9292812c6eac9780b072370d2e3a6ab5008c9dacbe5d61f09a0d981

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce4fabd0110b9dbe28e36c480116a8b2
SHA1 da7270f723d6998ce663c13638cfb59cd11d368c
SHA256 a7ec57ee863a7f4c8dd1fca9f7c2dd3daf6347145e5a6ab6c5f2ec9d664315e0
SHA512 25b39dd81015006caca205627b3e7899411a8914cb43419a15208fe33b5f071866bcb6629b3c9f074bc020a0667da347e36362fd8aa347b73b9dcb77a56e8745

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b12a612efdf268101c6283ce54eef8f7
SHA1 a0de3f465199407b307daaaeea90f0b6eecbe074
SHA256 dd49e23a7b35328a61a94e2cf7de95c9d264bf26e58c68f4dd61b5ceae24a7c2
SHA512 c8204dc8e5d2af42a0ee505462c90db0f4944bb4b6d9622768fbfe731aba3f974386a606f32f7a1c223ff859371813d51b1edde1a8255307f56d99197195ce8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7f938803ba1b8802dc3416bd5ad25c2
SHA1 8a2b9223dc72b27f8acd76b91beb2483a16784fb
SHA256 4377e2326b547d99cdaa15e64b04c96d864902d6a0493c81f52f91d8574d0483
SHA512 5793fc3d5b9dd4c218a9b10734496ed9743b7cf50d9383817756c3ddea27a1a492d0e1578e7f1c16a9d5abcb0486199f16cfbe412f0625ec0bbc9e00f4ffee13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a02b6d10b925eb73b2ba9d0ef9bd50d8
SHA1 cd139ee7f8c04fafe11c1d44ccf944357302712f
SHA256 d2cc725573045e42a7a314deb3bcadfeb1f14013b89759cd5d57818151fd4f62
SHA512 4232266e4732e2edcda56cfc631450cafec338fb5d563d9b86bfd8da4217a0dcf134c62ee8f5846568ff67c3f509f6f20bf6dc626981715b96336cfc861afce2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d92a22b9a181a6912331478a77fd2a8
SHA1 2284ee8852ec9eb08233cb63cab72caf73374c58
SHA256 fa7941d9d79117294079f2caeeec7bd5e7d9c62d5095f1b644fb46172a30e8d8
SHA512 013ba62489acedd1f050cd84e78c54d3f1c364a9cf7ee2e6aaf0d0cc280ebd69291cca00682285477d1d3d733035dea6e49d7a64738d6cd4018f75e7495c1d69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9cf8ee2cb0769c7f88d682a1ff3dc25
SHA1 8f2c26589510da941ed9017b0b0ed485a5e645a8
SHA256 ca0555d45694c450c0bc63bd9592ce79a4daee8cebf7c064990b8224e3ccabf5
SHA512 9a88a897e9887d47874cb7b401a96a70651ac960e8f426195182c1a953dcc82dafa19f3330a48f475d21e4bd442bb1721cac1a98a18f534084e3b49e43827043

Analysis: behavioral12

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:13

Platform

win7-20240220-en

Max time kernel

120s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win10v2004-20240412-en

Max time kernel

109s

Max time network

157s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"

Signatures

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES66B9.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC218DC1B31CE74ED78DDBE789686B43B6.TMP"

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
NL 23.62.61.99:443 www.bing.com tcp
US 8.8.8.8:53 99.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp

Files

\??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC218DC1B31CE74ED78DDBE789686B43B6.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\RES66B9.tmp

MD5 32f447eb0a19f80695761d9144a5c4d1
SHA1 45d2c6ae690130fdd81fefb59810b42847f618bc
SHA256 4f6042e7974aeb397a6c6f478ac852ca01341c55ac75345fc37c966e95d46dca
SHA512 50e01eafacc16c2d1119287c1a84c257ee5ce7dca463eb792af03ac8de384123ebfe594280fd3ebe4bce9cccbccd42c79f953df0c6efae7b883f0529235d9923

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

MD5 024ccc4b25daa608e3a0870a8c972b84
SHA1 9adea57ff36f5f97b1a0fcc368952c33cc8b0d0b
SHA256 38e0a39c6cc5c022657a6686c9c142ac38cf9a05af2089e9d5cf9aa42a22da6a
SHA512 30fd0824678fed366e566645d48afef013d74278339c0ad0c59177dbbf65da2d4d18f3c4b7e31473f9b03a8f8efc3c4347cceaef5e39ddb3628ba6b0f7102adb

memory/3188-9-0x0000000000070000-0x000000000007A000-memory.dmp

memory/3188-11-0x00007FFA32610000-0x00007FFA330D1000-memory.dmp

memory/3188-12-0x00007FFA32610000-0x00007FFA330D1000-memory.dmp

Analysis: behavioral24

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:15

Platform

win7-20240221-en

Max time kernel

73s

Max time network

37s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:13

Platform

win7-20240215-en

Max time kernel

121s

Max time network

123s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 220

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win10v2004-20240412-en

Max time kernel

137s

Max time network

170s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win7-20240215-en

Max time kernel

118s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win7-20240221-en

Max time kernel

121s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:15

Platform

win10v2004-20240226-en

Max time kernel

129s

Max time network

166s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3460 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 172.217.169.74:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:13

Platform

win7-20240221-en

Max time kernel

117s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 224

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win10v2004-20240412-en

Max time kernel

151s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe"

Signatures

Epsilon Stealer

stealer epsilon

Enumerates VirtualBox registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\SOFTWARE\Wine C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsUpdater.exe" C:\Windows\system32\reg.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3480 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 3480 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 4652 wrote to memory of 4404 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 4652 wrote to memory of 4404 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 3480 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

Processes

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1808,2879747437798345549,15893513907764644888,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=1936 --field-trial-handle=1808,2879747437798345549,15893513907764644888,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2324 --field-trial-handle=1808,2879747437798345549,15893513907764644888,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=2784 --field-trial-handle=1808,2879747437798345549,15893513907764644888,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2cc 0x340

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"

C:\Windows\system32\taskkill.exe

taskkill /IM chrome.exe /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"

C:\Windows\System32\Wbem\WMIC.exe

wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"

C:\Windows\system32\cmd.exe

cmd /c chcp 65001

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-27wp5f.7fal4.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES662C.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCD46725BFBA7D469896194B974C656C.TMP"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19edj65.zvv7k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-27wp5f.7fal4.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19edj65.zvv7k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1kc978f.uolvg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1kc978f.uolvg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-2f2itd.af0yl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-2f2itd.af0yl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-i9kumd.v8m7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-i9kumd.v8m7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1bkeklh.3tz7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1bkeklh.3tz7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7qo6oz.q0hui.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7qo6oz.q0hui.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1f38umq.bebf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1f38umq.bebf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1b5d1xx.btqb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1b5d1xx.btqb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1d9g6dd.k6ug.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1d9g6dd.k6ug.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-3zerzh.h9mu9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-3zerzh.h9mu9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-cv2c6c.37bck.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-cv2c6c.37bck.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1iox3uz.8fmf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1iox3uz.8fmf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-17gw6i8.uhob.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-17gw6i8.uhob.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-vg2pn6.rmade.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-vg2pn6.rmade.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1mqflvh.mzbt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1mqflvh.mzbt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19a46x0.kjqe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19a46x0.kjqe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ky2jco.rrp9b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ky2jco.rrp9b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-pn9kyx.9ln2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-pn9kyx.9ln2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ewqgxy.calpd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ewqgxy.calpd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-bhxgua.afmhv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-bhxgua.afmhv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1x2kdzd.aahj.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1x2kdzd.aahj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-14mcih4.y4w3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-14mcih4.y4w3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-jgap96.5545.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-jgap96.5545.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-16gpbiz.xhiv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-16gpbiz.xhiv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-c15nmx.lemkv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-c15nmx.lemkv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1x4g7mf.xny.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1x4g7mf.xny.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ek9sr1.0k00g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ek9sr1.0k00g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qwv59c.rqstl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qwv59c.rqstl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1h7p5ub.3a9e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1h7p5ub.3a9e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-3q964u.y7llv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-3q964u.y7llv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ny7per.0m8t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ny7per.0m8t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-z5q34o.oiqdj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-z5q34o.oiqdj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1nvcwyr.r6l7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1nvcwyr.r6l7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1op6mzs.elmg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1op6mzs.elmg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1verthc.xi41f.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1verthc.xi41f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-8ohua.uy4e56.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-8ohua.uy4e56.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-9hyqw1.4zd7.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-9hyqw1.4zd7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-llcs7z.do3pq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-llcs7z.do3pq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qxykuz.euv5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qxykuz.euv5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-65taib.gyv2j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-65taib.gyv2j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-150jtn3.h45k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-150jtn3.h45k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-190myj4.p9pn.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-190myj4.p9pn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1pz85pa.e99q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1pz85pa.e99q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-nv7m1j.s7pop.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-nv7m1j.s7pop.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-qsmswk.knwls.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-qsmswk.knwls.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1djqayx.1n05.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1djqayx.1n05.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-mmdde0.1tdi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-mmdde0.1tdi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-18sdmdh.zu6s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-18sdmdh.zu6s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ep9evh.ogxd.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ep9evh.ogxd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-a3xkdk.hru7a.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-a3xkdk.hru7a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-emiukt.rmc3v.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-emiukt.rmc3v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1n10wi1.szjck.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1n10wi1.szjck.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-8zbrlt.offfw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-8zbrlt.offfw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-d4sxbs.f1zs9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-d4sxbs.f1zs9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-lexmyt.angbp.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-lexmyt.angbp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qu1wxt.43sz.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qu1wxt.43sz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ahvz0y.kdwk.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ahvz0y.kdwk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ztf05m.vm7a.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ztf05m.vm7a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-q64q2a.nqdl.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-q64q2a.nqdl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ehypxv.k40q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ehypxv.k40q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-embqnu.r95r.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-embqnu.r95r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7ishtg.co7wh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7ishtg.co7wh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qokecd.j9fmf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qokecd.j9fmf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-6asrtl.igjfe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-6asrtl.igjfe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ky27p5.94ot9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ky27p5.94ot9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19ol9mb.uib6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19ol9mb.uib6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1mna0l6.1jkr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1mna0l6.1jkr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-x53ldu.2kvi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-x53ldu.2kvi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1oyk934.6vos.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1oyk934.6vos.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-5h779b.ysn7u.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-5h779b.ysn7u.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1vgre5z.ceubk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1vgre5z.ceubk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-11eppe5.l15bk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-11eppe5.l15bk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1cnp8s6.bzvy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1cnp8s6.bzvy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19ssh0a.7y1w.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19ssh0a.7y1w.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-tlxp6q.xuj9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-tlxp6q.xuj9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-viwi2l.ftqtm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-viwi2l.ftqtm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19jqnpb.03lz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19jqnpb.03lz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1b4vsah.oo8dk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1b4vsah.oo8dk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1h0e1e.1zyfl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1h0e1e.1zyfl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-yf0vqa.aib1s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-yf0vqa.aib1s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-2r1m1u.cz0fg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-2r1m1u.cz0fg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-8cgtso.wnwd9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-8cgtso.wnwd9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-5bjb4a.n3cif.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-5bjb4a.n3cif.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-k8bix8.n6sfg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-k8bix8.n6sfg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1j8n7sq.mk2g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1j8n7sq.mk2g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1v027zy.1orq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1v027zy.1orq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qccnu6.pwfa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qccnu6.pwfa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1r8fjdx.cky9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1r8fjdx.cky9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-5vt2r1.rnkig.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-5vt2r1.rnkig.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-15e62mg.z61a.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-15e62mg.z61a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-8ahpvg.y3w4g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-8ahpvg.y3w4g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-iz5aje.bn8l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-iz5aje.bn8l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-x55dge.x1dl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-x55dge.x1dl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1pxpbdf.ndtx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1pxpbdf.ndtx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qatimc.smno.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qatimc.smno.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1tjqrag.3hf2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1tjqrag.3hf2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-18idxlm.qxzj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-18idxlm.qxzj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-pc9usv.0p6pm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-pc9usv.0p6pm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1vyoaao.lyw4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1vyoaao.lyw4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-6ybywe.c2am.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-6ybywe.c2am.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-10ifljx.tkx1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-10ifljx.tkx1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-uxbsvg.uvwci.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-uxbsvg.uvwci.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ebz1kv.jjpzv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ebz1kv.jjpzv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1sm9dnt.dtoj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1sm9dnt.dtoj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-lvoap8.8q1q9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-lvoap8.8q1q9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1yzs984.sfkml.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1yzs984.sfkml.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1tpr7b0.mtm1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1tpr7b0.mtm1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-17irrq8.mr79g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-17irrq8.mr79g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1bv2g8q.3sdo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1bv2g8q.3sdo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1bsmm2h.7neyl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1bsmm2h.7neyl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1xoeqyg.qieph.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1xoeqyg.qieph.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1q01csx.bzid.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1q01csx.bzid.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ctozko.82jd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ctozko.82jd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-lna3r2.21vst.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-lna3r2.21vst.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7jshdi.jpyc6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7jshdi.jpyc6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-r7afzj.grrej.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-r7afzj.grrej.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1hz896g.f1jn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1hz896g.f1jn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1np5jw0.bhre.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1np5jw0.bhre.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-jwz5wl.so6ue.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-jwz5wl.so6ue.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ofvr0y.y1o1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ofvr0y.y1o1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19yaid1.lipk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19yaid1.lipk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1mwg9jo.iz7p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1mwg9jo.iz7p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1cj7um7.hgv8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1cj7um7.hgv8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-nxqpui.sqfx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-nxqpui.sqfx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1rf97ax.guun.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1rf97ax.guun.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7mgxuc.c27bi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7mgxuc.c27bi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-5cwhqy.96m4v.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-5cwhqy.96m4v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-m05mdr.yrjr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-m05mdr.yrjr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-kyzvw0.5qo3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-kyzvw0.5qo3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1tqhbdd.e1te.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1tqhbdd.e1te.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1hhqrww.ewyv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1hhqrww.ewyv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1k233rh.bpnc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1k233rh.bpnc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-weo3ct.4doba.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-weo3ct.4doba.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-e9j7k.biav7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-e9j7k.biav7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7gxbz3.ltxn8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7gxbz3.ltxn8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1sjxecn.asrj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1sjxecn.asrj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-17x1ck9.125y.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-17x1ck9.125y.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-5lgwqu.jbkdj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-5lgwqu.jbkdj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-hjdfmz.o7gzg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-hjdfmz.o7gzg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1i6xl8x.m0lh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1i6xl8x.m0lh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-2un7xp.a3zxo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-2un7xp.a3zxo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ffh2ox.lvpf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ffh2ox.lvpf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1hrw3xi.nhag.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1hrw3xi.nhag.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-60c6aj.h7sa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-60c6aj.h7sa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1h8xcrc.43smg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1h8xcrc.43smg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1u86p3e.vmt1f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1u86p3e.vmt1f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1w83ux6.gtnsi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1w83ux6.gtnsi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1jvkvxh.e0nyh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1jvkvxh.e0nyh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-agdkqb.dhh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-agdkqb.dhh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1g3besv.w8ju.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1g3besv.w8ju.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1phpk08.45pi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1phpk08.45pi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-sjwyyq.kh13.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-sjwyyq.kh13.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-xu0akm.1wd9j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-xu0akm.1wd9j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-r0p43h.y40b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-r0p43h.y40b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-iu25yv.vr5r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-iu25yv.vr5r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-m6a5zv.ubwp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-m6a5zv.ubwp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1rd99ld.th4ti.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1rd99ld.th4ti.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-s8rhv3.vq5r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-s8rhv3.vq5r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1h7e5j1.zzgif.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1h7e5j1.zzgif.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1o7sft.3lpst.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1o7sft.3lpst.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-mqa501.cwd2s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-mqa501.cwd2s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1q1pus1.wck1h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1q1pus1.wck1h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1rvhe4x.iavp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1rvhe4x.iavp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-dzjbx4.j4b7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-dzjbx4.j4b7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19ewgs0.vrkm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19ewgs0.vrkm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1dbkmkh.1589.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1dbkmkh.1589.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1euubez.b0w2k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1euubez.b0w2k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-13t4is4.wc1b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-13t4is4.wc1b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-18h95ip.za6p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-18h95ip.za6p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1e3imuw.g2w1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1e3imuw.g2w1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-te2o6z.cnyvb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-te2o6z.cnyvb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-djjsgs.cgumi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-djjsgs.cgumi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1odhxj6.gerbj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1odhxj6.gerbj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-auid99.m8kwn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-auid99.m8kwn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1h7048z.fj29.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1h7048z.fj29.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1d0zwpd.8bd8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1d0zwpd.8bd8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-n2ofy1.cmnz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-n2ofy1.cmnz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-rcekg3.6f7ys.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-rcekg3.6f7ys.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7vpba4.ixcic.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7vpba4.ixcic.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-155m8ye.hhyp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-155m8ye.hhyp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-132tedm.s7yw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-132tedm.s7yw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1rdkyre.tnbs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1rdkyre.tnbs.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1vqeou2.98hn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1vqeou2.98hn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-y0zr9y.nwe1o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-y0zr9y.nwe1o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ul072b.jsk9l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ul072b.jsk9l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1hsbt7u.0m2q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1hsbt7u.0m2q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-kiwpu8.osejn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-kiwpu8.osejn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-em1wmy.333o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-em1wmy.333o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-t66crt.vy9i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-t66crt.vy9i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-vvmna7.ujqp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-vvmna7.ujqp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-f1jnto.vyx4q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-f1jnto.vyx4q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-145ymy1.4sif.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-145ymy1.4sif.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-123wdb4.cqcnl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-123wdb4.cqcnl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ti7d9k.lns5f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ti7d9k.lns5f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-rnves.lcnx6g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-rnves.lcnx6g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-sucl5r.r1sp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-sucl5r.r1sp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19kaj5v.0jc1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19kaj5v.0jc1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1bewuz7.azdb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1bewuz7.azdb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1mstvaz.fxpk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1mstvaz.fxpk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-22r75p.x2fzb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-22r75p.x2fzb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1tfwzgf.ldpr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1tfwzgf.ldpr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-j3vw41.zee7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-j3vw41.zee7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-bovitn.aa6l4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-bovitn.aa6l4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-qmsc4j.12exr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-qmsc4j.12exr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-v2wr9o.pfwfm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-v2wr9o.pfwfm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1fql7ho.08bw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1fql7ho.08bw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1flls6g.18n8h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1flls6g.18n8h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-lx6qvu.0p9fc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-lx6qvu.0p9fc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-xlpwdc.rifjr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-xlpwdc.rifjr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-gb92je.ngtq4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-gb92je.ngtq4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ysmnwe.fex5k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ysmnwe.fex5k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ponwhj.hrd1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ponwhj.hrd1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-d54v8e.bbsow.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-d54v8e.bbsow.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1q9544o.51hs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1q9544o.51hs.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-10v4m8o.qssy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-10v4m8o.qssy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-rt6txe.g6kq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-rt6txe.g6kq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-16dgws1.qy3p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-16dgws1.qy3p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-xvrv2m.8kso.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-xvrv2m.8kso.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1lwvq79.7x9t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1lwvq79.7x9t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-k1o5ae.7sn68.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-k1o5ae.7sn68.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ykevv2.nalr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ykevv2.nalr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1vocf3j.kyv8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1vocf3j.kyv8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qc6fd3.9ze4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1qc6fd3.9ze4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1xg3c2b.2ppe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1xg3c2b.2ppe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ozw1oj.fj6kl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1ozw1oj.fj6kl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-lqztnk.zxenf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-lqztnk.zxenf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-djlgsr.smkgt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-djlgsr.smkgt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-18piytc.4y46.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-18piytc.4y46.jpg"

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1808,2879747437798345549,15893513907764644888,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-nxnu6o.e0t9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-nxnu6o.e0t9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19cnvs9.52ja.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-19cnvs9.52ja.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-12gei2o.bhfv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-12gei2o.bhfv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1szvts8.c7db.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1szvts8.c7db.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1aumsgh.0r5s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1aumsgh.0r5s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1mq6of7.e514.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1mq6of7.e514.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-q86824.wvyx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-q86824.wvyx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-bp48y7.1x01o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-bp48y7.1x01o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-11fghk5.l5av.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-11fghk5.l5av.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-16phx0r.9bes.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-16phx0r.9bes.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1gfeyiw.ze57.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1gfeyiw.ze57.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-14fvlgq.ox1o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-14fvlgq.ox1o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ysr7vl.qi1uk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ysr7vl.qi1uk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-s9lu6r.kuatj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-s9lu6r.kuatj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-bx4f39.zr4e8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-bx4f39.zr4e8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-p0spwr.gqpht.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-p0spwr.gqpht.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-6qec42.8yj52.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-6qec42.8yj52.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1px7prv.jsnv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1px7prv.jsnv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1hpm7ta.yx3hj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1hpm7ta.yx3hj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1wvptqm.xuaz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1wvptqm.xuaz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1myoq1n.o8ogf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1myoq1n.o8ogf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1wkyuns.v50w.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1wkyuns.v50w.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1gkubem.mzfi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1gkubem.mzfi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-amns9l.80oys.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-amns9l.80oys.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7l8npd.u0z9p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-7l8npd.u0z9p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1cgfktk.f7bk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1cgfktk.f7bk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-b4z9ks.qdrhw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-b4z9ks.qdrhw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1smn4kd.tvx5i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1smn4kd.tvx5i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1hygt8m.hnq8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1hygt8m.hnq8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-111m63j.71k4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-111m63j.71k4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-w2asfd.ylesg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-w2asfd.ylesg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-tjivy1.wvye.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-tjivy1.wvye.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-10ta917.pcdmg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-10ta917.pcdmg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-bkx7rj.tc9tl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-bkx7rj.tc9tl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-e98ih.zexoer.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-e98ih.zexoer.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-yb7usn.y5yc9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-yb7usn.y5yc9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-x8q68r.31te.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-x8q68r.31te.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1grfjvp.mgqck.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1grfjvp.mgqck.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-f69ekf.ofs4e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-f69ekf.ofs4e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ykbgtl.2ywvh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-ykbgtl.2ywvh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-fhl2ws.vs1h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-fhl2ws.vs1h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-pxj965.f2i1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-pxj965.f2i1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1mr23xv.77kf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1mr23xv.77kf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-t47xzh.gmpk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-t47xzh.gmpk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-gosff3.ubre9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-gosff3.ubre9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-nupqtf.9tore.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-nupqtf.9tore.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-gwl6ln.hs7zu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-gwl6ln.hs7zu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-10hsyqe.8f71.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-10hsyqe.8f71.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-f30ys3.fkig4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-f30ys3.fkig4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1cc8yew.rpjw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1cc8yew.rpjw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1aywk83.cvic.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1aywk83.cvic.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-f1du1v.j1eeo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-f1du1v.j1eeo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-iuo916.3325j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-iuo916.3325j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1skd5x7.vmo4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-3480-1skd5x7.vmo4.jpg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 panelweb.equi-hosting.fr udp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 8.8.8.8:53 whoevenareyou.equi-hosting.fr udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 119.176.67.172.in-addr.arpa udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 233.134.159.162.in-addr.arpa udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp

Files

C:\Users\Admin\AppData\Local\Temp\075b13c4-8704-48b9-8761-ec6eff399b3f.tmp.node

MD5 1f86d23226fffe71b8784029d8c5125b
SHA1 9cc9bc5a5ca25a682746480dff1677d0ff5ec16c
SHA256 265d11dea86267a478907b398b8b33aad69f0944784386c1795cc32b8c931ffd
SHA512 4f1aaee14c9cb0a76853a15030b525ee082a226ac67e9c90a96bbdbbb9229f6fe48192d63686f72c55e094de45c2a032bdd241fcacc190b71ffdc0fde80824ae

C:\Users\Admin\AppData\Local\Temp\d693f64b-ab44-4995-a428-fcdba23c725e.tmp.node

MD5 b0e113443ddc1ee234acbf0eb0e6f8a0
SHA1 84cc562b82570ec05df6dbbfc8f29fbb16ec68c7
SHA256 8d6f5cab1d6a99ac49772080c6f383f33a9bb983e0f8d02d0f3de4b2bdd26215
SHA512 306e89ec66fdf8b0de19d5bcda01f69809d83f464a9c21fda4b470e81ad3b722aa6cb6086fb4c2af59504fe4332c1f9efff27168598cc00be0f28fed45dde8ee

memory/3196-10-0x00007FFF004E0000-0x00007FFF004E1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Temp\edcbe98e-143b-4444-bbfe-47c89234b128.tmp.node

MD5 08b28072c6d59fdf06a808182efed01f
SHA1 35253af00af3308a64cff1eda104fd7227abb2f4
SHA256 7c999c84852b1f46a48f75b130fea445280d7032a56359dffecf36730366abc5
SHA512 f2592ade5053b674dbe4191c7001748a801dca3b19e97e19b440a3e944011c87926b0ef21c87e98b48e038889a32e01c1d74949124be3144834e2f06d9781198

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

MD5 dec2be4f1ec3592cea668aa279e7cc9b
SHA1 327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA512 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

MD5 810ae82f863a5ffae14d3b3944252a4e
SHA1 5393e27113753191436b14f0cafa8acabcfe6b2a
SHA256 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA512 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCD46725BFBA7D469896194B974C656C.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\RES662C.tmp

MD5 0076b1c331ecdc8917a277afaff558cc
SHA1 1f3d9f2b4f4eaa0211082f718ba1bf81d0f8366f
SHA256 cd6c48e764eb81e9cb9c83ba4ec30207fa0a59b9d1a08df1cb4ccbe12d00ee96
SHA512 d676679fe931f98788bc1fe3ac1f6da80a157a99c3ed88252793b6ff07620da09b7cf88d20aee4b99fe4d5d07d4dcf63aed585fc1d7242d7ebb75eb46dfe0f69

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

MD5 c2c382b632f62fbc9e71b2b947b02e47
SHA1 4d2f9a73f4bfe2f698f3cdea53059697ec78e570
SHA256 17e2f5a8b55c8f58c8657096bc604208ee8fa513a219a9f09ea7416a01377f4e
SHA512 45f5e8a8a9b1c56024a6f27d1c699cf0df38de3a57f205949ab06b7007b2ed99ac7eac7ae17a03b088c02cfa96293c80c275e4508c831772d2e04c4eb3936ed9

memory/4680-135-0x0000000000650000-0x000000000065A000-memory.dmp

memory/4680-136-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log

MD5 f3ac7a0e31b9af1b495241eff29915ad
SHA1 286fe23eba741cd3fca3f3e9a919021946655392
SHA256 f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a
SHA512 b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210

memory/412-143-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024318-3480-19edj65.zvv7k.jpg

MD5 4b1caf3c91eea4e8a25e09de1cc89413
SHA1 e63c47ad743f3ee3d99bfa48ced44a1ae83fc658
SHA256 74b258264ef489f6d8d91822fb38d6e2d1331454b18f9feef574712ce9ee8e1f
SHA512 53384f823f9934fe5780dea824b5fe70d1f75ad64ceedda28e9675fdaa086493fbcea069ebd50a4f115d9dca6dc6e1e15b128b7ec52936383295fca9e43435f6

memory/4680-145-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4404-150-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4404-158-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2908-163-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3844-168-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2884-174-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2884-177-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3204-181-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3204-184-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2428-188-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2428-191-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4192-198-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3692-202-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3692-205-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/1248-209-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2684-216-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2684-219-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3196-227-0x0000024D76130000-0x0000024D761CE000-memory.dmp

memory/1248-212-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/1644-233-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4192-195-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2548-237-0x000002477D160000-0x000002477D1FE000-memory.dmp

memory/2908-238-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/1616-243-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3844-247-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4480-248-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4388-254-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4388-255-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/1512-259-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/1512-262-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4452-266-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4452-269-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2404-277-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2476-281-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3852-286-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4368-291-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/1644-297-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2196-302-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/1616-304-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2884-309-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3232-316-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3232-313-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3520-320-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3520-323-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3864-329-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2328-335-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2328-336-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2404-338-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2408-342-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2476-345-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4112-346-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3292-352-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3852-348-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4368-353-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3164-357-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3196-358-0x0000024D76130000-0x0000024D761CE000-memory.dmp

memory/2196-361-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/4892-362-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2884-367-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/2208-368-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/1416-373-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/1416-370-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/928-377-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/928-378-0x00007FFEE1030000-0x00007FFEE1AF1000-memory.dmp

memory/3196-549-0x0000024D76130000-0x0000024D761CE000-memory.dmp

memory/2548-555-0x000002477D160000-0x000002477D1FE000-memory.dmp

memory/3196-645-0x0000024D76130000-0x0000024D761CE000-memory.dmp

memory/2548-749-0x000002477D160000-0x000002477D1FE000-memory.dmp

C:\Users\Admin\AppData\Roaming\EpsilonFruit\Network\Network Persistent State

MD5 17d146ff0068dae0a4a7e9f3f1b34ebe
SHA1 a6fbfc8df73182dc5e067d03c6981c46be3342c5
SHA256 92fe082e9e37a36cb3445cc68fd7dd0471666a50c872d8e7d9d699a1b7ef2dba
SHA512 de0b34f1b39a09c51768ac88cc9c9cac3a64892d3c2c88a8a6c6a5a8bb8db68a6ee7bb4c6218123b7c06038c34272ad3e71a187a1b06041fc0f25a2bf5a7726a

C:\Users\Admin\AppData\Roaming\EpsilonFruit\Network\Network Persistent State~RFe587dc6.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/3532-1345-0x000001BFFF9A0000-0x000001BFFF9A1000-memory.dmp

memory/3532-1346-0x000001BFFF9A0000-0x000001BFFF9A1000-memory.dmp

memory/3532-1347-0x000001BFFF9A0000-0x000001BFFF9A1000-memory.dmp

memory/3532-1352-0x000001BFFF9A0000-0x000001BFFF9A1000-memory.dmp

memory/3532-1351-0x000001BFFF9A0000-0x000001BFFF9A1000-memory.dmp

memory/3532-1354-0x000001BFFF9A0000-0x000001BFFF9A1000-memory.dmp

memory/3532-1353-0x000001BFFF9A0000-0x000001BFFF9A1000-memory.dmp

memory/3532-1356-0x000001BFFF9A0000-0x000001BFFF9A1000-memory.dmp

memory/3532-1355-0x000001BFFF9A0000-0x000001BFFF9A1000-memory.dmp

memory/3532-1357-0x000001BFFF9A0000-0x000001BFFF9A1000-memory.dmp

memory/3196-1550-0x0000024D76130000-0x0000024D761CE000-memory.dmp

Analysis: behavioral10

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win10v2004-20240412-en

Max time kernel

148s

Max time network

155s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2488 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90cb546f8,0x7ff90cb54708,0x7ff90cb54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,7091031514505138491,6863256792958669179,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,7091031514505138491,6863256792958669179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,7091031514505138491,6863256792958669179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7091031514505138491,6863256792958669179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7091031514505138491,6863256792958669179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,7091031514505138491,6863256792958669179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,7091031514505138491,6863256792958669179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7091031514505138491,6863256792958669179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7091031514505138491,6863256792958669179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7091031514505138491,6863256792958669179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7091031514505138491,6863256792958669179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,7091031514505138491,6863256792958669179,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 48cff1baabb24706967de3b0d6869906
SHA1 b0cd54f587cd4c88e60556347930cb76991e6734
SHA256 f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775
SHA512 fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

\??\pipe\LOCAL\crashpad_2488_ODNDJVKTALPEWFAX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7b56675b54840d86d49bde5a1ff8af6a
SHA1 fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811
SHA256 86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929
SHA512 11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c868ca7bc827a5ec982333b710e6cd89
SHA1 ff39bc1513ba3c5d93ec08ddd58cbe493d73fe1f
SHA256 b266545f31cb5862212be9e3061e82774c2b5f7acf33389782a12cb51e80e324
SHA512 3bb43fa7814b18213e83368ef3dc4412fa566630cd053e07673f4884827f550f936b5d0c45993ebbc2035aa06ef7962063fcfba961148367790b7e7f8cd7e1b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b69434dc2da6edf4ec05d747f4311bd2
SHA1 0fa3d214c243c830928d96d570e92d08dda50aaa
SHA256 a146d1fc17fed88a5badf653d4576da6dca629e113d70f8db7c962f1413267ee
SHA512 ac2b0e1ee958c6eb9d68b881c88f6eeded73207cbdaaffbc77f815273e8d8569da3eb4c217ab6359df43635e688323d2710d0cebd144858de52d485e7bd40cc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5479615dd67acc44f6b5d0ab5f1e9a59
SHA1 1ef1811d5a179ac3a0b1597f087f18b78625542a
SHA256 b9d2d742885d7ad373d22c9de0d16d40a4cbbfbf9524a4dfaa2e6a15170d1bcd
SHA512 db766d08fb486d234e801845e55a1253446194702769c0948e9b64f522b5d607b6d01ac9452eae28c0ccb3870ff1e0292327af8fac7971cfab3f452270d1aa4c

Analysis: behavioral27

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win10v2004-20240412-en

Max time kernel

143s

Max time network

160s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:13

Platform

win7-20240221-en

Max time kernel

120s

Max time network

123s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 220

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:16

Platform

win7-20240221-en

Max time kernel

135s

Max time network

116s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe"

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe

"C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe"

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1220,13378804673701133079,8024351453568573800,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=1308 --field-trial-handle=1220,13378804673701133079,8024351453568573800,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --app-path="C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1544 --field-trial-handle=1220,13378804673701133079,8024351453568573800,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"

C:\Windows\System32\Wbem\WMIC.exe

wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"

C:\Windows\system32\cmd.exe

cmd /c chcp 65001

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 --field-trial-handle=1220,13378804673701133079,8024351453568573800,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2460 --field-trial-handle=1220,13378804673701133079,8024351453568573800,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-bgypuh.1ne8f.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-2mqp26.0sizb.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1lcpof2.8vej.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2484 --field-trial-handle=1220,13378804673701133079,8024351453568573800,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-18v8fd9.z0s8.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ku70aw.p5sh.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1d7wgqh.45j2.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ywl3b5.xcd88.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1cewm9y.nj59.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-sszbzd.r9i7i.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1avxfpf.opbo.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1l5ifie.mqjn.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-12hdrz4.e1d7.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ss2x4y.wijr.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES168D.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCA44AE94EB96F48DF8B7D287CE5942F5B.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES166E.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5AB94DE910BB493BA4AAFEC804D8469.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1pnb6g7.atv7h.jpg" "

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=2616 --field-trial-handle=1220,13378804673701133079,8024351453568573800,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-82phl6.3xkok.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1lzta91.di9c.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1D31.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCCEA6074679DA408EB3687A6615179FF7.TMP"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-b6mxmx.mymuq.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1DBE.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCEBE44E33688446D48C72E2B1177BE31B.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1E2B.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC341A5F236C5345018A3CB6454177B18F.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES208B.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCF1085419C77E44DDB779324FDF74C64F.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES208C.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC90D53A111254EA6B6FE7B50C9785D77.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES209B.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC995E937115B6444ABCF1538D2D5475F.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES209C.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC175961D61E6C49A18EE7D58CD05CA352.TMP"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-tbo55u.sag4.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES20AA.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC6F7ECC81AA545548AB083A55B59145.TMP"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ab8u6n.2jfl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1d7wgqh.45j2.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-b6mxmx.mymuq.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1pnb6g7.atv7h.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ss2x4y.wijr.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1lcpof2.8vej.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-18v8fd9.z0s8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1p752qw.obpc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-82phl6.3xkok.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-10xrpbz.p162.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES26C2.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCBED9F2B29BAA40EF9924A9773339F91.TMP"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ab8u6n.2jfl.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-tbo55u.sag4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-xecuo4.veeyr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-10xrpbz.p162.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-or8jex.jttp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1p752qw.obpc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ps3d30.3hfej.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1lg013q.puwf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-xecuo4.veeyr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-7duo7n.zwnzx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-or8jex.jttp.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1lg013q.puwf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1npym86.bfkr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-7duo7n.zwnzx.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ps3d30.3hfej.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-9vp4v1.gwap6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1npym86.bfkr.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-9vp4v1.gwap6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-o8cyfc.wuzrm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-o8cyfc.wuzrm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-e4gfwt.d3avb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-e4gfwt.d3avb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-13866n6.2gy8f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-13866n6.2gy8f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1slf4x0.esjb.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1thcavo.cusw.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ng1b4y.e5l.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-pzkouk.o8nse.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-nzjtk.dpc4bo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1slf4x0.esjb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1def4rg.jnh9.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1pigul8.qg9k.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-hw2sf4.j0vzj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1thcavo.cusw.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ng1b4y.e5l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-tmqghb.0l3r.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-plomi6.x5vt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-pzkouk.o8nse.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1def4rg.jnh9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-18gntwu.e0hlf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-nzjtk.dpc4bo.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-hw2sf4.j0vzj.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1pigul8.qg9k.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-tmqghb.0l3r.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-18gntwu.e0hlf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-u0yash.lpbn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-plomi6.x5vt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-rjbx3z.f9nc9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-u0yash.lpbn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1hr5gv2.eac5.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rmo6ts.oa1i.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-xx0kvy.o5pt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1hr5gv2.eac5.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-rjbx3z.f9nc9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-18m8uio.92aek.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-phw16r.6qgv8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rmo6ts.oa1i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1nk5hlo.0taj.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ck3kud.lryg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-xx0kvy.o5pt.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-phw16r.6qgv8.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-18m8uio.92aek.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1nk5hlo.0taj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-12i56g7.ullw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ck3kud.lryg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-77yj5s.islk7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-12i56g7.ullw.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-77yj5s.islk7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-b9amwh.mju9.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-oxthw7.xh4w.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-b9amwh.mju9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1qbsvfo.ngqc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-oxthw7.xh4w.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1titigb.slta.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1fa9nxl.n381.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1qbsvfo.ngqc.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1titigb.slta.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1kmy2ia.vhgyf.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1umbuh6.mnz.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1s4ic3b.7aubf.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-yzb1eb.5tj6a.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1c7lo4q.mhclg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1fa9nxl.n381.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-agoust.sj5m8.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1edzy4c.upr3.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ayqohf.vcjaf.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-lppnza.7piva.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-sqhngi.4s7pc.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1v4qkdt.991w.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-3h5646.sjscr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ayqohf.vcjaf.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-lppnza.7piva.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rl0i0h.qaot.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1savhul.4m15.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1t3opu9.ezc3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1v4qkdt.991w.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1w9slbr.5erp.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1e3w1n5.gnmsi.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-9wlzgj.byfis.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1kmy2ia.vhgyf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-chnmnp.92wlv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1s4ic3b.7aubf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1aem5hw.xo27.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1umbuh6.mnz.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rl0i0h.qaot.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-yzb1eb.5tj6a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-jbc880.oy84.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-uhj4m7.gxntk.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-15wwzun.wjq4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-chnmnp.92wlv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-15lzpi7.714d.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-9wlzgj.byfis.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1c7lo4q.mhclg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-8828n3.pt5n.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1i8asuv.b0sc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1edzy4c.upr3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-tk2eeh.o849.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-izx2vw.3vsvk.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-c6pczv.606dl.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1tiyia0.gcmx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1aem5hw.xo27.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-mpje3x.7ldge.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1b0ucru.2j2y.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1efwzh7.tzyvf.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-9ba2yj.9qag.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-agoust.sj5m8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-eyw5s4.bcma.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-uhj4m7.gxntk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-laqf1u.9e5aa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-15wwzun.wjq4.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1i8asuv.b0sc.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-c6pczv.606dl.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-8828n3.pt5n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1prx3xq.t4xe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-sqhngi.4s7pc.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-izx2vw.3vsvk.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-15lzpi7.714d.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1efwzh7.tzyvf.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1b0ucru.2j2y.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1u78g1k.jt5o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1tiyia0.gcmx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1g6x9nd.br9zj.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-jnei3t.q25s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-9ba2yj.9qag.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-oensi.gj862.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-laqf1u.9e5aa.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-eyw5s4.bcma.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-3h5646.sjscr.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1savhul.4m15.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-h2kc8j.aydno.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1w9slbr.5erp.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1t3opu9.ezc3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1n23obb.d3kh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-jnei3t.q25s.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1e3w1n5.gnmsi.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1u78g1k.jt5o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-wh8w1l.n216.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-cp2xw9.66pkr.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-4r3ct0.uld4b.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-61htub.a84i4.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1do1cvk.t62f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1n23obb.d3kh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1kesbfg.2ruo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-tk2eeh.o849.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-4r3ct0.uld4b.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-jbc880.oy84.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-61htub.a84i4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-jbqxdo.thp0q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-mpje3x.7ldge.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-p2967e.gcgak.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1prx3xq.t4xe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ljmt2a.4u5yl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-p2967e.gcgak.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-oensi.gj862.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-5o6akj.jydvp.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-19m0vsv.xa2c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ljmt2a.4u5yl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-pgevo8.csly.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-h2kc8j.aydno.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1do1cvk.t62f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1vrn28o.r83j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-cp2xw9.66pkr.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1g6x9nd.br9zj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-z34sro.xht3d.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-6iv130.l2q9v.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-wh8w1l.n216.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-19m0vsv.xa2c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-14x7ks6.33r4.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-esal44.f5bnj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1kesbfg.2ruo.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-6iv130.l2q9v.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-pgevo8.csly.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-jbqxdo.thp0q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-13vilw4.01yx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-z34sro.xht3d.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-5o6akj.jydvp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-10rsw3h.ypeti.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ctxnij.4fji.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rusviy.7k9l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1vrn28o.r83j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-18t0clv.sxp2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-14x7ks6.33r4.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-esal44.f5bnj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-xv9n5n.kgwbk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-13vilw4.01yx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1vkroeq.ste1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-10rsw3h.ypeti.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ctxnij.4fji.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-18t0clv.sxp2.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rusviy.7k9l.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-xv9n5n.kgwbk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1xpgpnq.b088.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1vkroeq.ste1.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1xpgpnq.b088.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ldpiml.ydin.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ldpiml.ydin.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1pef2du.hb0ri.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1pef2du.hb0ri.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ic6u1t.mkuk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ic6u1t.mkuk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ipgssc.vylk9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ipgssc.vylk9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-p4tw39.d528a.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-p4tw39.d528a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-20oshq.hqz58.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-20oshq.hqz58.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1gjw62q.eo1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1gjw62q.eo1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-12toqqs.lk63.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-12toqqs.lk63.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1mo4pfw.y76e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1mo4pfw.y76e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-10mtk8q.75t3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-10mtk8q.75t3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-f1cj43.jszkl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-f1cj43.jszkl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-f86ubu.nmmt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-f86ubu.nmmt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-bm2ekz.2l6ht.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-bm2ekz.2l6ht.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-fsmw5s.ocgqr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-fsmw5s.ocgqr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1cnq8ot.tsoz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1cnq8ot.tsoz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-gx0k7r.l6fxp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-gx0k7r.l6fxp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1uhuz95.45uxg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1uhuz95.45uxg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ic1oo3.j7mm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ic1oo3.j7mm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1pmnsa0.9ickf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1pmnsa0.9ickf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-l22zsg.unvj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-l22zsg.unvj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-dnn422.iezi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-dnn422.iezi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-16f5kud.hvz4j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-16f5kud.hvz4j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1tgqqh1.c9f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1tgqqh1.c9f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rsdxke.x8el.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rsdxke.x8el.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1dhgo6x.luf8.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ibe71o.hmxh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ibe71o.hmxh.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1dhgo6x.luf8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-lr8sjh.e9ddm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-lr8sjh.e9ddm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-qmnzqg.5j64q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-qmnzqg.5j64q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1lbd4n3.0jhk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1lbd4n3.0jhk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ibaaav.thjv.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1b5iwy3.r9yul.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1b5iwy3.r9yul.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ibaaav.thjv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1dyy56o.ta4l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1dyy56o.ta4l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-xmi6c7.lhoki.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-xmi6c7.lhoki.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-cpip4h.b3lii.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-cpip4h.b3lii.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-eh1x36.ke09.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-eh1x36.ke09.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-b5itt0.nybla.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-b5itt0.nybla.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-z8mvuv.72yj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-z8mvuv.72yj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-64jt6r.b3rir.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-64jt6r.b3rir.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rpx0d6.egk6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rpx0d6.egk6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1jfrvqh.zr2b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1jfrvqh.zr2b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-10rosk.ji6wtb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-10rosk.ji6wtb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ff08h4.whty.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ff08h4.whty.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-108b6ge.by12.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-108b6ge.by12.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1q6l7sb.70wo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1q6l7sb.70wo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ytstvg.lg0f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ytstvg.lg0f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-rk6ak9.3gxu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-rk6ak9.3gxu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1g8a43.bu5kj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1g8a43.bu5kj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-2oo7og.iyng9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-2oo7og.iyng9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1w0q3g4.dtei.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1w0q3g4.dtei.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1omi15a.wv8t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1omi15a.wv8t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ld2jes.s7z4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1ld2jes.s7z4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1u6d8tx.iv3d.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1u6d8tx.iv3d.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-cj1j4r.7s9ah.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-cj1j4r.7s9ah.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1g81u68.4se5l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1g81u68.4se5l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1x3dcr5.5ul9f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1x3dcr5.5ul9f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1fc56gp.fgp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1fc56gp.fgp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-16erkc2.orf8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-16erkc2.orf8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1u7h38f.iezrj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1u7h38f.iezrj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-xlp25b.qv7y.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-xlp25b.qv7y.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1p62hw.71noe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1p62hw.71noe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-e07onv.znzc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-e07onv.znzc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-19u1s83.nyml.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-19u1s83.nyml.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ddv8en.xld26.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ddv8en.xld26.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-15tvdv.h662t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-15tvdv.h662t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rku0f7.bsaj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rku0f7.bsaj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-kvpdg5.o113.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-kvpdg5.o113.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-f44ugh.83zy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-f44ugh.83zy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-p6clzk.16nwr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-p6clzk.16nwr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rtuk9i.m01q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1rtuk9i.m01q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1pdpi2s.4eli.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1pdpi2s.4eli.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-vuatn8.vuox.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-gckfu3.6738i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-vuatn8.vuox.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-gckfu3.6738i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-gzu57v.v4ivi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-gzu57v.v4ivi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-o5pp5u.h7mpq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-o5pp5u.h7mpq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1xt6lgk.l8dci.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1xt6lgk.l8dci.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-d8se87.dk69l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-d8se87.dk69l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-vbjvwq.i243.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-vbjvwq.i243.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-lwbxgk.f9cr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-lwbxgk.f9cr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1059lrt.lcl9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1059lrt.lcl9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-l2snpr.q9i7o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-l2snpr.q9i7o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ovw2sh.0i0or.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ovw2sh.0i0or.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-vyzxz7.zaaaf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-vyzxz7.zaaaf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-xe35wm.n50t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-xe35wm.n50t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-9d2dzq.pybxr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-9d2dzq.pybxr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1gk2ife.3okb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1gk2ife.3okb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1aovmne.55k6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1aovmne.55k6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-tjhmgv.nswhd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-tjhmgv.nswhd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ox50l4.vga8p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-ox50l4.vga8p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1l05dz2.pk6p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1l05dz2.pk6p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1xgj8bi.xk7q.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-qh015d.mh2bg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1xgj8bi.xk7q.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-qh015d.mh2bg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-15c52zo.juptj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-15c52zo.juptj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-d75e4p.0s0vd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-d75e4p.0s0vd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-e48u8k.37db.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-e48u8k.37db.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-rnzlku.jrds.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-rnzlku.jrds.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-c72pyu.9tvxa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-c72pyu.9tvxa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1kn71oz.4o8m.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1kn71oz.4o8m.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-18nag8v.hpxs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-18nag8v.hpxs.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-4v8lbv.j7wxt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-4v8lbv.j7wxt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-n9axmu.dv7tq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-n9axmu.dv7tq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-kpbcb6.jm29o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-kpbcb6.jm29o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-pip0g6.fmylb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-pip0g6.fmylb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1cvsfnn.kr9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1cvsfnn.kr9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-k33pl4.dmvhj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-k33pl4.dmvhj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1s9gu9s.nbqrh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1s9gu9s.nbqrh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1sgy9w0.acqf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1sgy9w0.acqf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-183utcz.fp9r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-183utcz.fp9r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-101fp4f.mdp2i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-101fp4f.mdp2i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-5jkftm.v1rh2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-5jkftm.v1rh2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-uv13p7.9y4ri.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-uv13p7.9y4ri.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-x6rpxz.pysxn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-x6rpxz.pysxn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-19crrso.mrivj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-19crrso.mrivj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-anc4py.2xea.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-anc4py.2xea.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-17zveig.1p89i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-17zveig.1p89i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-6btdnh.hlvfd.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1gtb97x.1ukj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-6btdnh.hlvfd.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-1gtb97x.1ukj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-2236-qqwv4i.vil.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-2236-qqwv4i.vil.jpg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 panelweb.equi-hosting.fr udp
US 8.8.8.8:53 panelweb.equi-hosting.fr udp
US 8.8.8.8:53 r2---sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2---sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2---sn-aigzrnse.gvt1.com tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 8.8.8.8:53 whoevenareyou.equi-hosting.fr udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp

Files

\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\chrome_200_percent.pak

MD5 b51a78961b1dbb156343e6e024093d41
SHA1 51298bfe945a9645311169fc5bb64a2a1f20bc38
SHA256 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9
SHA512 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\chrome_100_percent.pak

MD5 9c1b859b611600201ccf898f1eff2476
SHA1 87d5d9a5fcc2496b48bb084fdf04331823dd1699
SHA256 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b
SHA512 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\EpsilonFruit.exe

MD5 2af1ef85d6cd524c6c8f0c503739d489
SHA1 822e7e98f2405e9daec525d07d93d7fa7e9f4feb
SHA256 d57bdf9a6f2cffd485cfbd18f91cd010dfc7afc4de3354778ff25f388a5d4ed6
SHA512 3f36489c8b877bb94d1a547699aa5fd20702b6f81b30b6b42da5f593bb17aa7c9070327e49b6aa26546ad6a630b0ef5eb705490b7413507449ef313211411ed2

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\libEGL.dll

MD5 979b72ca6e98fc7fdcfcc50d77906fb5
SHA1 dc4b874f495ed73c90b39feb566a48a081371c4b
SHA256 73d1f5880980a2ccb8e5a15e285a4a11fccd80754829e85aa9a3b8ffecf39dd9
SHA512 bd4d25a591d1c52d9a4a850a5bccbbf5ec8d174f5f093c0fd611a18af8d337b918464220a4f9591d03582aadf1c9cb392596a5449fb7d0a928889b0f65f8c619

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\icudtl.dat

MD5 3dca5e7c9841ef91996e28bd77fb8b13
SHA1 082ec8c736363b0add1cd65aa0a1239de1a03e76
SHA256 882a37e79e6b2881a05acde9fbaa535620539ace3949ad0c695fa4ddb2ade77c
SHA512 3d7d551221c5402c2a2be5f9304caff262c39b6cf0f3e1f5ed51d3718b3e2178a7250f1c47657a72eb40e6f2309fe1b57b91554440d6b3be9ab1a3ec3b039496

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\ffmpeg.dll

MD5 bcced7257ad562609b49530c769a07c7
SHA1 74ca4b7b6b89aa803e2bd148afecb180c2587639
SHA256 f2376791fa4e38a816a2ed15d2ced7cec2f9e381532858e7b4b137d535e8ae89
SHA512 54bc69568e15f86560e67ddc70f73a9f2a2445a8b02d28b55b217dd6fb59581ebd6012a55f72141d38b613f8edb347944e450e0764ea95ebbb8a239fc15f50e2

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\libGLESv2.dll

MD5 15333b35b64df8332c200e8bb510c92c
SHA1 fdc3573b71d1a060534b8dac4740c891ba97d10a
SHA256 63b837c99fdd1d4e7de28021dd411377b22a94ae35c25263b0ea1b4375bba7a5
SHA512 cb5838b0531a1c93d2347b385d4e8f7676ac2cbd9d99e3e9fa59081fe1c52c0cba8f7dce2acbd1d289e4660307c78ceab464c8c35b73bef6e717b71b7c4dfaa8

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\LICENSES.chromium.html

MD5 5b1587ae754f69743f1a1f3985c05492
SHA1 8dc3942a359f2c125f11beab87abc3eb2e84a57b
SHA256 8116d3c61b1782dc81f915085a3e4680c8b885b2834b969e2bc9360b227db780
SHA512 528d8d1951939dff97c3c02764364c60e497cf263f6f9eee86ef9662b4bfe8bccdaf674b58f1eee9e03cf2e9210141d6054d52c9f0fb585b228d1f2300840909

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\snapshot_blob.bin

MD5 19f1e25cc7c427dbfb519ce6dc2c7e64
SHA1 5578aa048412482650bb51b04ccbf038155f5c8b
SHA256 b6531c8ff3a288d00e4625cfc5019ccdac9cb8a53e723792616aace3b27f90c3
SHA512 ef07c82a8a3f36bc8492d0c0a964ee57c3bae3188c7c67eb555b9d117739b5a09e44183dbf9f2cf17ac386d7d777b62b534b2f55edec977c75ec3d6b5b535620

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\resources.pak

MD5 5af3109809c10286cd5115d204297175
SHA1 71dd89e5ae8ca7cd92b15d25b4b7ab829dc46ea0
SHA256 ec207cc566c9e65990422a6f93a01875ee9c06477b19577cccf9d7b390f11f8d
SHA512 da71ad0ac05eb645c8763f70a6f7035a85804da113afd28e5d83d106bb3c9c350dfaa4e6efd41b98ecd12ccd5d61fe449deea4adfb8935af34939af2a7cbb6e4

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\v8_context_snapshot.bin

MD5 c384ae622a7a6c7ec328678af12922c2
SHA1 25165dcaf78d3d29a16e4f979370e0b009ede240
SHA256 977a027c50bd79e93ec015fbebaccfaaa8885b88c76f7e5a2c33337d6d5173c3
SHA512 d0571f5e18dcf14a591a76243d52094bb843b0779630f31cbb66fd738c1c35d10bb7ef751eb01a953305ee19f2777f4d3ca6f9b132199b2af357c0b03185d9a7

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\vk_swiftshader.dll

MD5 6c834da1d76c6537a09d881cfe984191
SHA1 8652b1bdab35d9f75831b5a98ea7be404d969bc7
SHA256 7244b63004b6fa9cc77fb93d8fc1723f4898c8795169bf1dc4af650468720f9d
SHA512 eeb57c7c0ba7031c55db30ad67894af92906cefe24eab39770c66b499664a29b596841ea96c06941026f3f75f8b3f9b81ea3f532a65c6ec454887196e83d7808

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\vulkan-1.dll

MD5 ad4a5dcf631afd553b4fed8a269c7897
SHA1 f1bded0b28ee8aed4a52a6d19d871eba4828e0f2
SHA256 3141825bfa3a8cecf8b59767e8b6ac41c20685932d6000b9c6cd0e40ddca12db
SHA512 8e01379201f2a907cff7f32dfbac6b1eb8ee014312755884b35e4065477d8a8069e3188086d7cced11d437b461211bca6abb6e582e98473883cf35faad41eae2

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\bg.pak

MD5 8448caa7a70f74dc0c6e453e7487bedb
SHA1 a7f67df94ee9532d26c6e6e827d61414f4516d0c
SHA256 19f49a247dfa1328799a1be9a556d940618ceefc04a5dfd813e5c023d086a41a
SHA512 337293839e64f514152c7558f2d1cbb301730675936ecfc11242d1346c9da535896dddaa8ad563a40303cdc8884f80af679c324b31325d40b7141a8738ab14bf

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\ar.pak

MD5 d7eecfb7cc52b3dfb69d8047dc6aa12d
SHA1 fa5e4e98395c4bb14259c2e3c36fc84b55f0c3d5
SHA256 e38cd21fb917db4671ab331ee505948e109e2a0c6a2f3ad0e64d09863efb7df8
SHA512 2ebc6f7749e50bb3a9c27d2235be1478fc2d58a7b6f5c4cbbda09ad4f28ee3873881dda16ea668eeb63dd259a23ac68c73e4ab4295d51a22c36284d9c8667ed1

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\am.pak

MD5 b319cd4192f5bd03bab4644ee51e4ebc
SHA1 49c52f43f542022a97d2ae18a56a266deb901496
SHA256 ab1d0f3bedb5806fa7268773b6193928cdb40e641d8563c14df1bf962434d5f2
SHA512 3fe8284422bb7de7f2e3e121b8657b7686586d597b4d453b2e38f119fd25bddd61c1218f22cc8e4bbf37f393411bb866c0d6c166207b5bbfeb45f5459e29e370

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\da.pak

MD5 66e780528890dc0f484a3d6938ac281a
SHA1 5f46f7915cf101b88d29213b457f37e24d5a083e
SHA256 e698945093c1f562d0e591c03d9670a9b01d0eaa56a2c80c1d12d91d88b7b407
SHA512 9cbc2b054bd3f9d39050a4a189fcf0127a43b9991ecdc9453679c53b38cf8a25138057648a756e01fc9b4825c009a8894ef68b94faca83cd35d268fb05556af1

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\cs.pak

MD5 2c9e55ed46954a8eaa27105f3f074ca2
SHA1 bb4a36964cd1e8f140c9937586b5215fbd7a9632
SHA256 86f1847450d5c341893fa097fa6d4e0964963c0c2466a985d014dab0b65f34e6
SHA512 cf7141a3db9d44c0940e88ded1f326b5ca4031d18f8a8236b313c6a6c41289e9dfd12c3367181edcbd5425deb584b082df004bd6db0ca55a1da151703af575bf

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\ca.pak

MD5 90d8b16ace2fc684d0ddde0d71f64831
SHA1 ead7dbeffb3c102d3547c8c256135991b547ade9
SHA256 020350f4a902c79e0f1f5366e209b2c309ac51b6e72d9ccf51cdde2fab756e3e
SHA512 bfeec65e7c001d7a29c18e6bfc2b4c6688c828419d0e9823d524a7b35c24a3303c1cfb8f14a98d965d4ab41c5110842ec64cb7a2928309b0bd31291e85b168b7

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\bn.pak

MD5 124d35950327fec461c07dfb6dde72eb
SHA1 f3d7791dd6bdf88f65a62ec2e8170ee445b6a37a
SHA256 def934201f35a643c8b097be42fe86f2a08cef5523cb61e2d94cb33ae373f502
SHA512 05a993c9ba52083b8a7f0b3662eb8e4a873d23f309d334cb4e4088fa5e33d8503fdc6d19f247c4920cdd91a165995c514b2a061c26fc44f89e864516ffdde9b6

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\en-US.pak

MD5 b58cb46758c6bc8fe4385ec2ce4e50b7
SHA1 34026e96e02220cea46a31c2319f695ca2e0a914
SHA256 e34c459684971971765943e8b5b2d1751b329a9502f0fd6649679823f725b8c3
SHA512 702384f9d6d77da08fc8c49a5f65957c56e363e1ad37f9d0611092d248db1f79636a6cf336e55669e002194f589f584b5663b4d77e54fa95e18f84eb4864d7f5

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\en-GB.pak

MD5 05f7b55019ba0a9da84073cec0a954c3
SHA1 b46462fa8c614161ec42fa791e4ce3163c92ea8c
SHA256 a690e642a6b781efc3da2e8c83e554d6e8b9ae6ac34f6f0a4f327dd9ea7cb7f1
SHA512 30e93503db60b8c7a8dc902efa960583316cb83337eca102f0bdafc47d3b59ad5ea1eb99b5b9deb0ff66345d551485963e4c61ce555298880aafcd298057fd34

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\el.pak

MD5 b3724a4dcb17bd341da403acfdff0bf5
SHA1 05fc9eb29381f1befbafb937c564a87205779264
SHA256 0adb6e5173572ab4a3df5671cf053196f158294bc1e07275a7e6fb6d8da81b06
SHA512 3ccd57eb43840573bbd7e6d8b24028213acf58040b2795a975ca4750e4a9500d8af74bebac1b47f2d9b87204c68707d53b0d927c0aeac1fa1bfdb1c899e66f37

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\de.pak

MD5 8e560e240bb79e453167f70409226619
SHA1 bde183d2191d42797a300f0c4cd83e1db278c928
SHA256 61c4a4b5c309128ba86a5345db04798be0680905543c6986f7b3cc4b1ba72729
SHA512 5564555eb203fe86e9630dc223e4012c7e3501d68554b6b7138a3c6064d39b868e7e2e0e8b994169e918e9c6f67066440b89c7ab10f48731a84fab84c2e7ff82

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\gu.pak

MD5 10c1dc999bc7ab62e1f26b0497afa7bb
SHA1 68da1055b8acdf016b152a2f401322d3d76885b5
SHA256 b9690f3c550deb0827e409015abf3bcaab01c9acd33e96932e85ac84ff4c7831
SHA512 c10a956fdfab446b74f1dd2a169201f0b7ddc4ff1d7a635b9c81f07942ea0d34ea327e2e7f07e3a672ac85c8b8ce7a0e871d02946da4fb5e8e75713e56cbce61

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\fr.pak

MD5 a17cca5f1db7cedccda9c5a7784bebd0
SHA1 c5e0a0d24a14a535406886c00ad10d20638341b4
SHA256 e8da96855f7238a6ee3162b08d46e5ab84d98179dabf535060ef5fccdb36bc79
SHA512 0bb2217e44f1c8cd9e4cc2127454e1fd137c6fa101914bd230b9089d6317f599c9dfdddafe3d5cbc0fdc036e7b4f6e5cb528bddc572b5e26c8e0322f1a7d0b97

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\fil.pak

MD5 7c3df3c13393e1b24e4e96f2b9082a6a
SHA1 caae1c99b589e14184e9f2c89f698a2558f4ec3c
SHA256 27196aee4a6248bee44ea2b5a3de90ccc2cd53f8ce1beeb796aa4d7e25bd43ae
SHA512 2d85d37d9560cd6ff460e32c3c569851ae28d794b5319ce74c010cad527c4004e54c993d5440bd22d6e51d86c4c4683f8db03c38abca4839a10e2efe46ae35e4

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\fi.pak

MD5 a3b5292c5e2e981dc4ce9504f638a542
SHA1 6cf480f3d7cb5df71bdd4089a1821f2eb2dacecc
SHA256 f4f2438a3810ccda4740442cdd964e43883cdeb820715cbd7be03cfa6b1e55ed
SHA512 6ed819896e2aa72d73bd2af731f7f714119fbe7d1fce5909d1a9d9ecb99c6369505e6d33f1f9ebadcb0da608f9aec365bc6cb5f6e22373d577cced7e317772c4

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\fa.pak

MD5 46412682e8d0743714fc28a520aeb35d
SHA1 dc6bd723efd460a56d205bc199e3be4c98698ba4
SHA256 9861d5260b98b384603ef02e97dac0295fd255e550b57fd427bbef24b1cd7b17
SHA512 c77c5344c6a7af4035f865aa7e3a3aaab39b11c4a3bdd94aa99f15dbc6ec7cf4b6057ff48fd55e2ff41041728fecf80dcd488578dc1db249ab1b7598fa438f14

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\et.pak

MD5 3ca246cd997a68bb4a6daa8b3b81908d
SHA1 842bf5f6bdd29ccccb24ea412497acdb37a5f805
SHA256 25c1e1306160779466d8c039ea296db65d12dcf21d2ad794a36ab62b1a7901fe
SHA512 32135a0c29bf666833292b557634d4510c185f711d7ad8625e981811ea082dca0d1714f481c9c8ce8b3acefd18469093d48fc05bc0160ffb87d1e2b90f4cba1c

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\es.pak

MD5 09e0feb85585bb4a220a3ab3f21adb9b
SHA1 e564afb37d5f5305585ad1081a26b34ebee73ccf
SHA256 cf7ea140dceac78042e0d35da45a4fe732eb04e1d2b138bee4cc2dc5e7e9a0fa
SHA512 8317bd2b4f509edabac1a74ec32bcfd54b14598799537d90178ec349cd71fe967d5c677403c85e305a6f2e94722c20a83e65c0bdb29a6265c5355683856f4ade

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\es-419.pak

MD5 f9958dd6ce0ce1acea070bbf317b1160
SHA1 0dbc4020e505a053cdbe6a0a9506829498a8a25c
SHA256 ea868929f537d48e846f86020762c59c77a0ec67765c3af22e08fcc853f94c2e
SHA512 35a6e5fdff6b4e3a076eea70b7c551f1d303b4db4e63aabbbde54b4fefe40d750a03440bed7851f12750661ff8b87c5ce3382b0c71d0e171f729a7a82f968cf6

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\hi.pak

MD5 815dfb3eeb9a69919ecf2562b6d4ad34
SHA1 2d0fb4c2a19b7a991974783b51b13c7b3610b686
SHA256 a480e95a5cf338a90f7d077e4147f45696db9ad6e8cae1765ccc5ef05fb48505
SHA512 0e6c8374ed7f6f3b523c2dd5455b598ab0650da8ce3a8243a1a42c6327db9a694947a508a90edf95685c84120cc73964a16c7ec49835ea398dcc6186d08ef1b0

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\hr.pak

MD5 ebdf0ad52e9a0f8c8735614775ff5a94
SHA1 787feb9f703daa094814464b090aa5d36725e007
SHA256 b9c21e5187e8649157f5e49e014b8c285866ec839638344a31234b60a17e7d47
SHA512 e2853884687393fa2b0f8e4b27af5664c223fd5bb2862e5ef788f912771eb9d61e7ca1fc39f29ab679f49986b5a95b9da44727c69c99dfd3bb8ea2f4e974ada3

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\lv.pak

MD5 fe9ff0063f35ba05d27cba720e2e69d5
SHA1 16a87c24f027eda9865df7090ac8023c7ae5b57b
SHA256 43bf3b7181b607d8769da6c2cf671e2a429439aee253dd774ab5bf5aa5fedde0
SHA512 794b1b87ca400798574be56cf8da9adef78f1f9f91dd42fb23e6355caf0455f8d982f2b3d9bc252673704375eb4ccf32d58ed1cbbadf8780590e5777ef41c035

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\pt-BR.pak

MD5 7b7bf21b01ccfb27af8cd37d738f1106
SHA1 da1db09ee88c005610ed08dcde1b2cd73bcebd84
SHA256 1feb01da1f443fee8ff01c3b585d8f0ebe6a5e242483cf6f0f93088e76913e76
SHA512 ea0bf1357616fd33b41c7189eafd2948324bbfdedb043974dcd0f78693fe868a4d37ee2c0e979d9795cad63cbe70fba0794641beece737886cf92bc29622e464

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\sk.pak

MD5 3ee3730ba0f6894f2651e4e1be37a214
SHA1 3a3adb77fcb6d0514a221e6671d815a1cb7a2c35
SHA256 23c8d9722e0a2e22fbc8ae1bebb9cff456fe026c986a211565fa9398376e64af
SHA512 000928407693007645230ab593a6055e6005e6c2cb362057ce8a1915ad96030a03b134ee20e3197daac9920c69df188867d3c5a603a3e36c2eccb0bdcd549206

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\ru.pak

MD5 d269143626296c69906523810139e9af
SHA1 43abe13a4837892644774bf06eb89cafec49ac95
SHA256 b1bd2d1cc678784ab73a691d4a3dc876be78eee0a30661ac2666a9b8ab864ecf
SHA512 76b0cc1841dba7d4b4175b0c10d6c36c7f3e8ea4ad0b4e4c091391e2754913cb6c02f0285b73372d604a395b23995998090a0c68b607b4106226b7ac67ceff23

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\sw.pak

MD5 89c5dce32ff87d5fb2b8e815f7e4cbab
SHA1 ca3138ea6103a5ba39e35c53e980b44c9889d386
SHA256 ca8d57f632880f7b736ef7f8c5f35ddc867e50919b1f7d835bae76f823ebed13
SHA512 9e3ded0e33f9441f31e95317ac6a7a140ee5c63bea8b1bf8c03952804fb6783e61e7971d5cbe1c698d3c4067233b78bf37099054fcfe38b091829f5435e6d435

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\uk.pak

MD5 ba2462d8b3b975bb265bcce6a3410cf6
SHA1 3caba82b3e14350a33711db68d98e6d211ac9fe5
SHA256 1dc63c538f6b96cf4e70284c078a6e18f58f599db2a2ec594da23b244944c9cc
SHA512 a46441e2c97032928dfc19b178cd3261887b7076917a4fe829083151c8298703c3921001cd62c630b35504444f069973605b487c954623ce16682491fccb7d50

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\zh-TW.pak

MD5 ad19e8ac7f2b5e5f67b9f5671299d19e
SHA1 4a6936a4971c2b9a414f40de3eb5dafe1b5b3e52
SHA256 e30d22153e0860246c8c37855a385471ad1e74e1eadf56476a1ea980f9204d86
SHA512 4f283deaad6ef0327baf7cdfef063293d27c1746431261553a6c7925832fe77c8017c6d11f36c5ec657ecd3b563099c9e35bd2cbe52c12ee734f4bef9bffe077

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\zh-CN.pak

MD5 c82a124cc6e87ad403a67007b9c1fdb0
SHA1 1d4f1c0a3cda7d4a75a0f4035bc6d2718102f09c
SHA256 f597245963ca7b42b2a7e5e80af5258972002fd4bcd3a21c875e4051df3eb1a9
SHA512 5e45df31658039144316299879b4f1de7eb157fb830d08e8d93d3ccc2e033b1f8e2f59d29e11785ac8346988d5ba2afc373c01bc4a58ba3cc4439d9aff1ada87

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\vi.pak

MD5 806b7d282e74565b95264ebbe6794d48
SHA1 3aabe2d802283fb9b3ef43932c1b7638ef6a1053
SHA256 7b4bf97b78a07422359b709ea17d1d6aa038e12ec420cd0fc7dce4b313fe4af7
SHA512 7380b7a2b239932d1167f194f81a1c867983fe318a1e48d246470de0c94837edd6c0a641e06f888e36ff5041fc2a69d19cf1a46bef816d07fd3ecda42b84e524

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\tr.pak

MD5 2bcae092530d06fba9b23492ac4a1d6a
SHA1 4114af7364210a4bcd10099911083de2abc25d40
SHA256 65105386d6b52445fdc7660648259b43a04849a05035d749858d9f64d4209836
SHA512 e87778246b98d87f2f29e2abb02290b829cdcb753fd9b184fec61b0523452e262527432b73a11eba86d547ffce2ce00b4180ae8367419e2174b825ed290345b3

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\th.pak

MD5 1a66feba0d44231b935d83a7f36a09a0
SHA1 3e674234b10350ebec218c904a9c90f3edd29711
SHA256 11fd04f3b33d09041d646d34e61fa15b96c12dbc62e229b64306356de6155cac
SHA512 b7617094a6d27670c0720dc5dade4a866ecdd68c45c1b9e6dfe1c3074dd1957bd7459210d111ef33727122666b24c2449cce9f3e903aae59dcbe438b38c8a021

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\te.pak

MD5 1eccb7be373fc3144ada2df9e493cc07
SHA1 eef3e05afdf910671a046cf90291c17731bdb378
SHA256 bd0a936ab62ab6ab172a192b7c082b824706f6b3d88580a6b6be32809354fc2a
SHA512 ea30d14fb7c2ad54263e12eb8469e6b058afb30448900b55d944aa87e266d735f2a04d2f29303087f2d13f379483d681285182e6ad2bb25bf36e311828e2a08f

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\ta.pak

MD5 3dcd0523ccad674f2e93de57ad0082fe
SHA1 fd4a28ee288a1f33ee7260ae80df93aae9718039
SHA256 72ef4527f01018c90c583e48f37d20bfa684012bc00cb9ab5ffa3e222b9c7f3a
SHA512 2ec95b89051b019e98e6a1852e5e89e1c985a10998af1cb2603e5766698a2880355d8e6b959e60e9edb84354e99d0286708027c39a8add816c172ad1efe35b49

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\sv.pak

MD5 007d56b78104f7e245f7c84f07949f25
SHA1 8e3104a8c26f8418f44e19640d9babcd68a640c1
SHA256 e6c9329d7184190a0282f6440dcad5531f9656514a37b7dcb5a510ef17f3793c
SHA512 30c492d48aff33af8a0290cbe29864ff5c7d46dc50f5c4c6d5c96e6aa273926840b28b78958070e1534038e66c0142ab65153d32d28b56fb5dca28844370a946

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\sr.pak

MD5 0cf9aea120b76672d2b5e30e928459c5
SHA1 0219aaa5d84847fe86762baa82b7b8b301239c9d
SHA256 b6aeb180462d8f312762a419b45c910929e2322d45bbf2b84b0871ccf7838945
SHA512 e79a0800571ab7b64602db4941b689231edb20d65a89272b7dcae53426b7811791df8f6ef174c83680a6adf931efc3d47f133b971254c139e8b04953b8a10979

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\sl.pak

MD5 c20064c5c0dae644ce4ccc0a2234c128
SHA1 a50411c1431ae1f4fac74a34f1716809a0623380
SHA256 576891a9a61b9cd50024e507e93d32476332977db8e29ef3d46427015d4d26e6
SHA512 04f979cfc813c6b1d3a5d9b3b306c415529a1fb72e415e2742ee25ccebf04bbe3abca91bd66aa3633a97a1383f3c4b915319b8d0b25c0ef6eb8c2e08312dc01e

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\ro.pak

MD5 1ab0cbe10cb7c3d5beadc7b04a881885
SHA1 eca1fe3842b4a1b070a0f9ba1a27fd3e6284ba80
SHA256 9a80b326b712debc0d6e9639b45352fed1c4a49ec37490b49b8506c636fd2947
SHA512 581e42422db7ead773990036ce49a5d2589f3af610604582a4820dcee1c37d2923fbace738a42cb8b87407915e1693bbca6a2234a0716c7c8d875ca30915289b

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\pt-PT.pak

MD5 b7598cb8f05f465909ddb0045d60162e
SHA1 b794c944dd5287e550a3e46bc9a0584d3d753eb1
SHA256 c338f6de946cca52c457d236037cf1c9f13b6c73796b713f390524f321b401d6
SHA512 a53e9d6af760c4aebd418de134ba23ebc27076b02082e9eb1afb1bb7ec93a45ea22a4961c49023d7ca8b2d3aa99462ec35180797982a481ae823ac19b4b96f84

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\pl.pak

MD5 def25f809c246d15d8a2f41a78b504c9
SHA1 4462b50e5613b1519987584d974fa0efd1812ced
SHA256 165005f81f071a315d0c4183fb3bc899e464c4cbf2dc450ffa09ae6bb5d517d2
SHA512 e6f17d5426ba98348209a51632db0cfe19287baf3752948bd76acb77b7eca51aae905adf7c316b17cc44856231d034f044cc056b0e0f1ce3b4999dea29597cc9

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\nl.pak

MD5 6e404adeb945cb7952a8c4129e098759
SHA1 a870715beab03f3a53c74b5aac2f314b517184b3
SHA256 7531e450f725f7ac75ceaeceb09155786d367a4456f4e71e7523af9219748434
SHA512 30917740d923ca25fb9f3c32bca100d58388f5c6d3516a29f3a39d1ca8ab3e4058b271224c8b9554479d91718cca3dc1c9cb08b38b19ccc36a0d57ed0146ab70

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\nb.pak

MD5 23d5480b833f65f1f55cc3bbfbdf53c0
SHA1 639eff4556e4d6c879abf305176f23c014927042
SHA256 7ce821732e743c2da1f81527355226df11a21eec137940a034afeb34618c5daa
SHA512 b46b25a4dc294dab0f34e5ec733dfe7e1c73c6ce2817640a620e9a0c196292a7a4737f0f10806efba4d5831d5a2f0833925083983927b0d74cbc5c46e9c8b953

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\ms.pak

MD5 63c4977a1e8f5ab37881705d084b47ca
SHA1 f716932d886b8a5441397dd6a8625cef88e85bcb
SHA256 8b18fef24ad28663e4dc5a5113a35111a78b848d70ea7fef4156ad75bdb4fea9
SHA512 3afd4f8db5a0880319b13009bcdc14892b8710b2ac91dea8641f1f632866ac564791f1d302e1208aeeb9977e613fefd6bc7c0a0fd5cb5d031a768362bc0d85ed

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\mr.pak

MD5 da44d4ade4c258629118dbf534f0c2cb
SHA1 d93756c9d2d2db7755b4b7d47042a451435cca7d
SHA256 fcf1d938863cbc4d4a1d62de0eacbfd17fee4a0f5a9fcc09627bc22a98e268c4
SHA512 827c291ccfea31799e2fd48ee35aa179006a7bb3420c0346b5f1291abb4560f84b952a2bae820ef129ad77719edb16873328e7f0d030f9e2970e0c620fe59328

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\ml.pak

MD5 a66617706e80fd5ff8ab6ba8dadafef8
SHA1 3718d0afa1bff72ad7164e41cb46981811583422
SHA256 51b2c600046abfa5774b85665d4c882daa3c90bad5559185f9335ff61f04fede
SHA512 4de6fabef9db34791d0d165b5064e68ffa19630482219e4c72e6dc0f9e9e56b1941297862bb2e267cc02c3d3327193a233f642b11cf74e1892270721a2d7dc74

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\lt.pak

MD5 720c1b3c95e8613f2cd9e40f3d160ed6
SHA1 1ea62b51f1a2c80b92e3348de260032427a9c79f
SHA256 51027bfd566fa26cd561f9bbfd2b4a6d2e41e0ddd786b7338cecc43423b3e6d5
SHA512 32ad5243df09d642e058550d2ec58a8a8de00cc442da551c195958a95af7c82c4d2b63b27d474a065b0ced5680d3e005b2a36301d02fca09413e165089f47822

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\ko.pak

MD5 e2a95b73f9081efce223a180b7791c16
SHA1 addd6ac05707597b917ff9f7c3f7524be26df7ca
SHA256 afac9566a4e1fdb2be75faee46bf9182f81b85373d60cb583f1051b12d9719e9
SHA512 70eb91347c21f0e648e9fcf82ffbef5e3eeb6c0268f85fddc7ad4eaea2e22eadeab653476196240a75361505f40b0bdf8602b0f414faaa77354f0fe76ba4e09c

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\kn.pak

MD5 5a599f47d2e2ff1aaf4c8ccf8bafd10c
SHA1 32aa52f2e90348725eb619187272e9c5a7396bd9
SHA256 e55425a4ab6425f60a9389e5c19dcd5bf437816ae09a21cd53750819040143d2
SHA512 7ecb69b70d5782e22ef9047fbfa29c0778e894c5cd987d33d65e68616ba2a42a133abe16f2af70aee4fdcb34c7e8e3d3bc3c556c754a010132610628516ad456

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\ja.pak

MD5 640bb80728453be0104566caeeb8eb82
SHA1 362b46036c58421f4b0f9b2f714b21e244aeee44
SHA256 1bfb337c19c9d04bc53df2d2eca6b73c11df33b6fd07a6a3fce5427ef0f38cd4
SHA512 1bd764ec56166ac59fd2acb1ac81140bab2ba7f326c0bbdc9cd30ff6246fcdd98e49310b0528fb0d8a9256ac06ca3e145a3906a1815dbe395d989443650f81b0

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\it.pak

MD5 5b03bfc915b62aceb06b9c670fb77e33
SHA1 9c88ef98dea5a7d7be8571354ad3c033033a40b8
SHA256 1f9a38c852c05577aba397c388b35037eec6b9d90593800b5b57bac437b42684
SHA512 b22c4db0b56c136e9263a15bb2a31a9213ac20321b189cb0572bd1f0b0b9989a7e698d94750d9c5d01557f4b247abf9a8cff1940bab03fdb737a8276d96ed1d0

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\id.pak

MD5 39378b548f712608903ee8aa25db212d
SHA1 7f5a3466a4c8609c6bab7ed3dbc9fed52cfe1e62
SHA256 426a302448ec17e313724b38bda9ad4d5c031da48a1ed3690b547b51a06229a2
SHA512 7d2d823445316f5a63df286af2f1e28b90b8e3a04aabc835020b17f690d95f7ba2d0261876495345876cf826fc57dd0a9577e79af7e609adb8c71b8b4ff03550

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\hu.pak

MD5 4b5fea4bd49738337ab10bb3f1e6bda4
SHA1 0f27220019e099b658a9c563995dc2b022fb1d68
SHA256 e526c9c9a8c4d27c432d3cc30766fbdec6c536b696a7ccb7e9376f0e55147b90
SHA512 4e271f8ca0028ff5b8a86e8610174739d2d2b7a267381562bbac3543d03f6895b3361c2f6fcfbcaea6f5aad1690e878ae0de5c905de12b213c2c5c396caafa66

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\locales\he.pak

MD5 5db44f8dc63c819b0ae2a5458e36447f
SHA1 6b440ad4bdef6acd31ca8be5d085db26a49a209b
SHA256 bee5f133cc85f8ca280f9f41df6790aa65161fe8dac8dea7e26fc609240e84a1
SHA512 cd0d104597c5c926480443b5d1a16526ec0e48c3d6dca6233ec7cfa63f01f2f5674d9ac9a86a45b789a94fcb3b63aeaf92351bac2f4920a25dd8d4fcd1edce19

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\resources\app.asar

MD5 071313dfadd8c156954743d9fe207e88
SHA1 35427e510e7036a90a0075847cd5b4a05e59a7ec
SHA256 a578b5ed44c7cc518bd8924efa4310cb61321ab85ecd407cf5944ba5f1ad5899
SHA512 da15748bcbdf2ef3d3c7b717dcf4d60e77291e0b9c00a57bc95e0f598321dc9124cb6b864114b64a2260e09580ae8642399a7ccc45dfdb44bf5903f1cfcb0954

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

MD5 d226502c9bf2ae0a7f029bd7930be88e
SHA1 6be773fb30c7693b338f7c911b253e4f430c2f9b
SHA256 77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f
SHA512 93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\swiftshader\libEGL.dll

MD5 2ffc36c5555a36a4f26c1aa7a8108b4a
SHA1 2ec38b17a0e9d5b0a4c397921aa4430607d32edc
SHA256 f8b8b96cc384171268cbd543d9486a97b2f2066d45ac118421ff974baf18d2e5
SHA512 0df87d336e223ade77eecaee88d8af2832f1cec3b5681699646e0be933b3f0acdb3765492e9d8fd713453dea2a7fd38d46c201c96313a06a484f23a78a716cfe

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 41d3387761bbb79d4820e8d242561027
SHA1 27dfda8ce933af12578fb64f3171f40f56bace55
SHA256 ed005ae1d388e0256e9ae304933980897ec2cfa957ed5babab6ae2a5dcf5c5f5
SHA512 cc396d0c2a94c31b8a42697f456f74e8ede1ad1fbc7eb1e4983544166041ff878048f60af9b1525320770ee477c63d6c466746c2c33fd30bc2d7ec903f8af944

C:\Users\Admin\AppData\Local\Temp\nsdA4C8.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 9ea6f84efcbe0ac14f0f1cdfe8bf4ef5
SHA1 8cf9524534a6f74249ebd4c44dde4c12c559fc21
SHA256 67523ca177c8cd7e0f29629f1845b6cc2b9bf9be41305687fe745ba18a393f18
SHA512 224f054c85cf84caeb8f6075a34953808e510959a4ae6344c4a13360017a75e49f37f5efd28c2ed56b0127b2d153a692f8ce4cdc71681db8e4fc5ba2ab8d7d77

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\ffmpeg.dll

MD5 63134edc0f4004168c2df11140011372
SHA1 15cbc3451e89d66223c33504d3c739f1ebd6b268
SHA256 cf5d66c9c465160a76d2c9dd9c23a53a205ed56258e7aaf8fda91c997ec19d9f
SHA512 9a52587642d5ce2856409c38142008b1392e7e0057b09f3e28ecf8116a8ae3e50baa36af4d5b23a127f7b2ec41d25669425de60beaf4511d9e93911a8432b0e7

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\ffmpeg.dll

MD5 12cb29b61007fd6cd166882635241038
SHA1 31bacefd2d7238fb5ac77f728bb39a27b400dbb0
SHA256 2e60bc5a05d3e98d12d2bd577d63b6dc77bd1b3734633259fcaf50fa3688ca9c
SHA512 cbfab7708a01fe47904facfdf9604025d6f1c680e40ada0b4c1b1ef35a4eab7de5de96c22d0491c6d202175d2c66693216efab6cfab73e316d466811d834b126

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 957af3b302a425b7600b61817caf8c89
SHA1 0c68544f6bcd943cf505b0cb4639e330a273f37b
SHA256 b7ffba6cb04ff2ab068065b03d04b6a8c66078811d4f6623de6b482a7731454b
SHA512 eea8fa3e5d3cdb1eced64cfe8e0a06344f010bd9c4ce0b7748aac6735631448976a77f7d60782d8229fe151904fa7897791db250fa7ddeae0490b4c856e95466

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\icudtl.dat

MD5 09428f268f1681f1883d997cf24a1679
SHA1 7f1441468765182f57567c396156f39242dabb90
SHA256 be2b63fa596c0db9f221038f6d71319862e5cdb2d73391e38589fe927c895b15
SHA512 a657537170eb68029e0cf2306bdf049bf35668fd3f84df1953923d2e6aeeb7567faf706f7e1e5ef51dff21e23468f8c2bef821b32ae28e6a6529790965a1b2f1

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\resources\app.asar

MD5 31d25d8431a85f96e3a88896ee53f6ef
SHA1 80497f043a1c0544dbbada762c73649b164846ce
SHA256 a06c94d03aefb951f65e7eb9daee96031863e27931416207543421e27a50921f
SHA512 e15c25d00ce1ce64e6dbcff8144ab0a3052521ee5f38a125fe33020e6403d98f510dd57a0052ffd2ed6c0648347caf3af7abbc8a7453db6ab19074548c8df115

\Users\Admin\AppData\Local\Temp\fd0ad6fd-0ba7-4e24-9cc3-b468f9ae9949.tmp.node

MD5 1f86d23226fffe71b8784029d8c5125b
SHA1 9cc9bc5a5ca25a682746480dff1677d0ff5ec16c
SHA256 265d11dea86267a478907b398b8b33aad69f0944784386c1795cc32b8c931ffd
SHA512 4f1aaee14c9cb0a76853a15030b525ee082a226ac67e9c90a96bbdbbb9229f6fe48192d63686f72c55e094de45c2a032bdd241fcacc190b71ffdc0fde80824ae

\Users\Admin\AppData\Local\Temp\72c1769e-e605-432e-8cd5-03a647175c82.tmp.node

MD5 b0e113443ddc1ee234acbf0eb0e6f8a0
SHA1 84cc562b82570ec05df6dbbfc8f29fbb16ec68c7
SHA256 8d6f5cab1d6a99ac49772080c6f383f33a9bb983e0f8d02d0f3de4b2bdd26215
SHA512 306e89ec66fdf8b0de19d5bcda01f69809d83f464a9c21fda4b470e81ad3b722aa6cb6086fb4c2af59504fe4332c1f9efff27168598cc00be0f28fed45dde8ee

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\resources.pak

MD5 5b050dbfbe9e88c69651aa125f5dc6b9
SHA1 6bdf422181a9f0c73617d1c8de50645c28ce57bf
SHA256 d3842de928092da248ad39c6a5f7e8c83abfbbddce85bbf06d36359cb080a450
SHA512 a9dc9aed9506c2b50061eb295548f7ee851f7beda0e2ec984d0334ef6125388834b2b209a498bb9b08b82b5ef2b340d5301b6d10dc9cf19692eae6039af85a6f

memory/2136-574-0x0000000000060000-0x0000000000061000-memory.dmp

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 f8085366f055aa87f3aefa025abc642a
SHA1 cb3dd092fc6bf5ea122b4c3c13090261ceee66f3
SHA256 f015df0fece90586c912adc4dadc5eac646bc3108ca03676d199567d38278a2a
SHA512 8e4f89d6a8693e19243f8caa09c02a07057baafd5b8e21a5bb3388ad114b622eb1c20442f64f457c502aacc1a398a22938c6ee3b18918d026dce0e9b365bc01b

memory/2236-626-0x0000000002650000-0x0000000002651000-memory.dmp

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\d3dcompiler_47.dll

MD5 a31a2be29c65f772d0ce9ff380109e70
SHA1 0d3b0f0d933340df45e81e445b1ccc14d1e01f69
SHA256 dcc27b0974c2a26946c1f2312d67e45eff9d1a485ee7a14679461e1d122edd52
SHA512 7cd7d44c8e7154e077ebbf4d90ed34caa552b553aac3c395d56c3ecaaf1ea0d6f0dd0160c4a0b39750bc67bf8795741b61666bcf74766404c20a921404433cdf

C:\Users\Admin\AppData\Roaming\EpsilonFruit\Local Storage\leveldb\CURRENT~RFf76efcb.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 27dadd7956584c4d85eafd497d944329
SHA1 0fd371559302416746b375def851fe5f6417ff76
SHA256 c3968dbceb3937db7fad13e88d94716c8668ef45a433009c7fcc5256b447b5ed
SHA512 42a7cee3c744760b568b5a4c6da4b03bae2e8574d8d218d8dd691274c6b88352214c30ba6d553591a7df47f26ff49dee4d3acef58aa09f03723f78ee9e5540ae

memory/2136-625-0x00000000776B0000-0x00000000776B1000-memory.dmp

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\libGLESv2.dll

MD5 19c1b79209dc08807cd109c85e0d2540
SHA1 71da8419411bf0201f127f84481bfe0f771b8899
SHA256 e18c3b558a9ec52c476df3bae3bf04eb5ca7247f456c9737afef48754166b1ca
SHA512 204977f6061ffa623bd227ba20e653ec56e2c74914974e422ecff73ae35e8a79a8034ffac782bface6837f408588f7af073ff98b8f29f38395b27a8aaefe12c6

\Users\Admin\AppData\Local\Temp\d09cca18-9fac-4702-901b-4da2de35c6fe.tmp.node

MD5 a6bb36985c113ae46b5463d8b7c879b6
SHA1 f3a6240ba36759744c90d4dae6a0dee4c0732274
SHA256 946705aa9c3e38d9430f0f6fb6c37f2307a2e2a18043511cad106a9d4c199e17
SHA512 6d6dcbe792f6b38e0583d8f7820bedcc3e82cafd9f4d55d3fc94578544834479faea535d3a2346a251d6d34e06d9abe669fa24c7c6785ca42163a4b58fd2f226

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 e3875abb04f19c480cad3b5abc8b2a81
SHA1 445f5dc885617d02b0884c18a8afdeb9c7b6978f
SHA256 0e5913df6fdd28b0494a022c143ac6c1c24d8b353e411c5f7bc829a4cd20de75
SHA512 699c648b7f9f58f0d258d284adf4707d96e72c9537c60dc9765fa020b063f309781037fa76efd81186ad4506acaa7e9c3810b0c0e99fa29b676d56d8fa620c83

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

MD5 dec2be4f1ec3592cea668aa279e7cc9b
SHA1 327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA512 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\d3dcompiler_47.dll

MD5 2a0c5dcb4f78774f2ffe7051e05d1dca
SHA1 edee1782eeeb0261b0ed81241bbc524fc80c22aa
SHA256 5e2500d8546f259a2ccab45bfd5254513d7095bc3af9513207f096c912563dcd
SHA512 c6ed392c3571793180a345e7fb806fd0b3ab1b23e88a6e2fd5c4f0dae1ef9b4c946a0bb8b7fe5a1a2da53df16fdefc2184b53dab9a6417c1e7285d59d00c3e99

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

MD5 810ae82f863a5ffae14d3b3944252a4e
SHA1 5393e27113753191436b14f0cafa8acabcfe6b2a
SHA256 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA512 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 d38a9c523b13f7f67693bd61c2be08e0
SHA1 6ed4bc455d4829e496aa354c74a5fbdd8381f4fc
SHA256 7c303d683957a87c6e6247635fc2cdeb7a0ef24211bd3f24b2181433e400cc97
SHA512 023f17dc72b7a5d9fc0d90b1ee2db2c99ffd06000e446bf6455715a9618684f58c1d00972925edf9766d79afa346b4b3e6d2c309036ae765662ebe6203b14a7e

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\libGLESv2.dll

MD5 2779c91cdae4d0e2c67f677c9d546192
SHA1 d2eb34f1baa620e13c474da186f3034378977976
SHA256 5f5326b70fd003b15c75ed2c45191e4a4f2dcb49c77e16b2a1438bddc1ca9c34
SHA512 dea60c5b8b9cdd28ae823ca6451136ded08c987c2334ffb5d4c631f949ee78d33bb416b376b5f71dcdfb9a13e72d84d15a37045dd371bec4f7cf8da639d4403c

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 d2ac2ddacbf03a625d0585823e19bafd
SHA1 40e177298c329d9d030f963d490a6ac8c1d77ca1
SHA256 6a0da588575c39726e4d1accb8183b28c4e9b24ea34bfe73f2b269afe01fdc4f
SHA512 ddfd29c9c80acfd4805d9fae23e5c1aa5fd62134f04bff5124e366e5a35225f12560bf7a41862b1eb94686a516f8384a44fae99a7f8d6ddb724d207edccdc60d

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\vk_swiftshader.dll

MD5 0acf347c658651461760422cd9a0b305
SHA1 1e1099ff54ea8ebeb508294ad84243241e2b93fc
SHA256 0cdff5eaf248363d94f78e92d45f79bc735b9e9ab60d399683ae04cdab758fca
SHA512 d3265708ecf63b770d8f8d8b9066c8c6b7be52daa3b501c5ff742b61a99ebb0db711220a7a57974d5e42674ea5db907de184c1a6b126268027b9eb8d4c67bbd3

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\vk_swiftshader.dll

MD5 37bba2c66e2364a5b3e6666864f3b604
SHA1 f2ecffd48760482ba055aa50cd78c5ac02d09ba2
SHA256 23e6927733549be11d506b862cc7148b7b08b50b4387837db522ec9380babc46
SHA512 6e7835fce0e988c997049796125b4f2ef83cb9c2e326edeb54d4bad77fa31bf4b4227aeb1db445d3ee21e6cb959d65310a1bbda2d14e567d4123cf6544a947ea

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\vk_swiftshader.dll

MD5 28f2e8190a94ef70e808e2cefedf415e
SHA1 a0a51e7142b462fc042c3a91584210942defbc61
SHA256 c007d1ad9f7de3bd30f6bc8f29bc955b0578d5c568fcb0f0f7e8a83f9eba61b9
SHA512 4b1b5350dce8d9a88bccec1bab210c24b3db843dafd698db9a09ed01f2b4635772eefa6ab7cb26146a98b07a3608e11015f734dd95527d1dcf25c0a787ce878c

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\vk_swiftshader.dll

MD5 486ec66f9c5f2e909bed85c065f72655
SHA1 4e13e819e97a845d81ecc4f2957840738a3016af
SHA256 71bb100235ec59e06b9d8badb7f75b24ac8175cc38bac5208f01663eeda3cbbe
SHA512 786c827238eb4caac0efae66a162d52d28725b46b5ec62f1259e31c53f58c4273602c5f2c5b384cb4ac530d053e19ed71590b375f163688e421aa1267d2646a9

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\libGLESv2.dll

MD5 15990cc66fa51ffd737f6f870dea3610
SHA1 0a15bc18218512219a9a79c0f6b24ae4019471a7
SHA256 8724a519cf2d6f182602e6fbf6c4fea3d9c66ba4198cc2b30400a0df0e9ca7c9
SHA512 1758bab90d61edaf2ac62a246079da368e4ca3b2244c43d7ed02e74f6d06866db65d84d939ddae5d19a0a2b99041d6d4bfbaae56e50a94ac39ed040999ccc935

C:\Users\Admin\AppData\Local\Temp\screenCapture\CSCCEA6074679DA408EB3687A6615179FF7.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

memory/2464-933-0x0000000000ED0000-0x0000000000EDA000-memory.dmp

memory/2464-948-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2812-949-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2492-950-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/1932-951-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/884-952-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2540-953-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/1096-954-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2384-955-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2504-956-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/1880-957-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2904-958-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2124-959-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2216-960-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/1624-961-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2252-962-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2572-963-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2420-964-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2340-965-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/1656-966-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2160-967-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3028-968-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2844-969-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2704-970-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/1540-971-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3124-972-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3132-973-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3180-974-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3224-975-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3248-976-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3272-978-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3280-979-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3376-980-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3316-981-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3476-986-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/1932-990-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2384-991-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3500-989-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2124-1000-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/884-1001-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024318-2236-tbo55u.sag4.jpg

MD5 dabdaa372e0a6350ea25255d7c45c4cf
SHA1 d859d31924be44623a88285caaa2af0cca8d7e58
SHA256 78d497f3e70e558b6d3e697577159dea83e61564b199738ca3ce1260b269f1d2
SHA512 f4f0fedbe3dc8d5a2b5dba21c48cbd883094d88ecf6a68a0982fe8a45c8dc1d52bfbd85289b3fc790267b5cb08749d405d1ad977d84b0c2a2f6c459a78fd35e3

memory/1096-1007-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2504-1012-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3720-1013-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3780-1015-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3832-1016-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3916-1017-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3908-1018-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/4016-1019-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3740-1020-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3768-1021-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/3596-1022-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/4044-1037-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/1880-1041-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2160-1059-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2904-1061-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/1656-1060-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2492-1062-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2420-1065-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2812-1067-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2572-1070-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/1624-1068-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2252-1042-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

memory/2340-1040-0x000007FEF2DC0000-0x000007FEF37AC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024318-2236-chnmnp.92wlv.jpg

MD5 ae2c1e568b2ab0366e600e5da1c9a067
SHA1 90ff731489f9f72bb44a9caa5777391fc8895e8c
SHA256 b79b78965a0f1daa7cc85863547677cefcee9ac4f8bde6423100c3f80a7d692b
SHA512 4a3f29d825d5b8321932456bb550db0d27e9494f70379ed27101fbf661ae8a04dc01ffcc8079a1fc09108e71291216dc80cd3eed82dfb0b329e166eb9e5dfdd0

Analysis: behavioral6

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:13

Platform

win10v2004-20240412-en

Max time kernel

144s

Max time network

154s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4864 wrote to memory of 740 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4864 wrote to memory of 740 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4864 wrote to memory of 740 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 740 -ip 740

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 620

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 156.33.209.4.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:15

Platform

win10v2004-20240412-en

Max time kernel

170s

Max time network

242s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:13

Platform

win7-20240221-en

Max time kernel

118s

Max time network

122s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2940 wrote to memory of 2980 N/A C:\Windows\system32\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 2940 wrote to memory of 2980 N/A C:\Windows\system32\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 2940 wrote to memory of 2980 N/A C:\Windows\system32\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 2940 wrote to memory of 2980 N/A C:\Windows\system32\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 2980 wrote to memory of 3048 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 2980 wrote to memory of 3048 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 2980 wrote to memory of 3048 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 2980 wrote to memory of 3048 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 2940 wrote to memory of 2748 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
PID 2940 wrote to memory of 2748 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
PID 2940 wrote to memory of 2748 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1F24.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC1A1FFD0C702C48ADBF8329ECC1935014.TMP"

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe

Network

N/A

Files

\??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC1A1FFD0C702C48ADBF8329ECC1935014.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\RES1F24.tmp

MD5 2fd61f0ed9e8b05abf3d6d95f868add9
SHA1 64185f15e327c6a5a782a619462fd32e23bcdfb2
SHA256 020292f3d766f35a1265dc6f0be16eff98ae87354eec595220f3d26036c0a97d
SHA512 ddb818b1622118622d56172ba961e243c3cd0e08193f21115cb6988f849e9b2f35e7611a13d981075c1205c91266884de29e4b7b1b7624eecccc05a51de578f7

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

MD5 024d0664203fcd3e8013352ed03b4020
SHA1 5bc83c1df1f6d5214cbe2ad0bf5bfcef89b2c7ab
SHA256 a3e302a8fa37df81d4c647124e51f43f1924c15758f5105ec31aa3c4a5aaf2b8
SHA512 bee9870e17803478530e62d952043611e3e4059f2774e9b8f169249fc835fb38a3c9eeb115f7242b091c04e3c7ee0d8475589dc70a7906d4b7654d9c5a0e77d5

memory/2748-8-0x0000000000E40000-0x0000000000E4A000-memory.dmp

memory/2748-9-0x000007FEF5660000-0x000007FEF604C000-memory.dmp

memory/2748-10-0x000007FEF5660000-0x000007FEF604C000-memory.dmp

Analysis: behavioral28

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:18

Platform

win7-20240221-en

Max time kernel

120s

Max time network

135s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2236 wrote to memory of 2076 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2236 wrote to memory of 2076 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2236 wrote to memory of 2076 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2236 -s 84

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win7-20240221-en

Max time kernel

147s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe"

Signatures

Epsilon Stealer

stealer epsilon

Enumerates VirtualBox registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\SOFTWARE\Wine C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsUpdater.exe" C:\Windows\system32\reg.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious behavior: CmdExeWriteProcessMemorySpam

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1676 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 2516 wrote to memory of 2572 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2516 wrote to memory of 2572 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2516 wrote to memory of 2572 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1676 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 2044 wrote to memory of 2056 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2044 wrote to memory of 2056 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe

Processes

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1036 --field-trial-handle=1196,14624797897680127963,2135768061654857636,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=1340 --field-trial-handle=1196,14624797897680127963,2135768061654857636,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1556 --field-trial-handle=1196,14624797897680127963,2135768061654857636,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"

C:\Windows\System32\Wbem\WMIC.exe

wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"

C:\Windows\system32\cmd.exe

cmd /c chcp 65001

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1220 --field-trial-handle=1196,14624797897680127963,2135768061654857636,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-uecjdx.4k268.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2388 --field-trial-handle=1196,14624797897680127963,2135768061654857636,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-ewbamh.tizx.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4DC2.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC8F557D76D3D94D6DBBDE5493D45BD65.TMP"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-2uod5x.xw6nl.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4DF1.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCB4802849674B4A68A9D7CB6BEE18D45.TMP"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-uecjdx.4k268.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-ewbamh.tizx.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-2uod5x.xw6nl.jpg"

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=1608 --field-trial-handle=1196,14624797897680127963,2135768061654857636,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-scemr8.mynyr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-scemr8.mynyr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1wrp73s.g9jtj.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-zggbtp.euo5k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1wrp73s.g9jtj.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-zggbtp.euo5k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-cq34gc.mbz4t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-cq34gc.mbz4t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1kls9q5.5p7r.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-8tqxod.4xsjw.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-8hdpj.5tk5ip.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-l4ayef.34ut.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-t9dnpo.dmk2.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-dtqwiy.hbni.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1a7hu65.bsrk.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-e12xjg.lvqio.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1bto0oh.jew4.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-19mctiu.b2ct.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-f762ri.vr9kr.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-6b2kuh.6jw78.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1pufo5a.78ze.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ugzzgw.m8m1.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-197757s.5ixy.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-14dg9mi.wvdak.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-zrplrc.4d9q.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-r1xbs2.tddk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1kls9q5.5p7r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-2t1tcn.xo6v3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-l4ayef.34ut.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-194xnkj.dios.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1a7hu65.bsrk.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-e12xjg.lvqio.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-b6uy9u.s50s.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-l9pq4t.mznm.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-rb7sb2.551yi.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1tf9smr.xwss.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1bto0oh.jew4.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-f762ri.vr9kr.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-8hdpj.5tk5ip.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1a9byqv.mxlh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-6b2kuh.6jw78.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-r1xbs2.tddk.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-l9pq4t.mznm.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-19mctiu.b2ct.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-b6uy9u.s50s.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1pufo5a.78ze.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-14dg9mi.wvdak.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-zrplrc.4d9q.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ugzzgw.m8m1.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-t9dnpo.dmk2.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-8tqxod.4xsjw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-uvlhdx.ggu4.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1prk4rz.tzv.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-88scbd.s8rn.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-zfjrzu.8xgao.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1fgdsjb.x70b.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-sh5hkx.rfj7i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-uvlhdx.ggu4.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1prk4rz.tzv.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1a9byqv.mxlh.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1fgdsjb.x70b.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-rb7sb2.551yi.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-dtqwiy.hbni.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1tf9smr.xwss.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-194xnkj.dios.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-197757s.5ixy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-c1izmy.f46bg.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-h3n6ch.sh0ti.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-88scbd.s8rn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1yctpsn.nxej.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-2t1tcn.xo6v3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-sfbdcd.iire.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1tn5crz.xkhx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-zfjrzu.8xgao.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1w90qgv.7zjbi.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-d282gd.z64x5.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-19b3i0k.9rne.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-sh5hkx.rfj7i.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-h3n6ch.sh0ti.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-c1izmy.f46bg.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1w90qgv.7zjbi.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1yctpsn.nxej.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-15lto38.calkk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-d282gd.z64x5.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-sfbdcd.iire.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-156dwee.qt2s.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-bnome0.4mz3a.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-19b3i0k.9rne.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1tn5crz.xkhx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1cfh3qa.ti3j.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1vmptdb.dk68.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-6nf0d2.j1amj.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-ufkbo4.svrf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-bnome0.4mz3a.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-156dwee.qt2s.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1vmptdb.dk68.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-15lto38.calkk.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1cfh3qa.ti3j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-dj6vme.8zdea.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-ruafeb.hvdt9.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-4a881k.rbjra.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-148idbp.abbs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-6nf0d2.j1amj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-14slb8b.wy7t.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-10mkdu5.1bxc.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-14ab571.ff4g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-ufkbo4.svrf.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-4a881k.rbjra.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-dj6vme.8zdea.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-148idbp.abbs.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-ruafeb.hvdt9.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-14slb8b.wy7t.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-10mkdu5.1bxc.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-14ab571.ff4g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-tqxukd.26bja.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-9nlktu.kvcya.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-ymnpt7.eyr4b.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ioaref.4bqy.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-rf64zb.6n1xg.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1r5nfrd.jq68.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1iot0nd.mu2i.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1uowu9.bbqie.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1xcliet.jpoa.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-14ftgpq.rxww.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1x77g9v.bgt9.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1uprdpu.ca4e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-tqxukd.26bja.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-14ftgpq.rxww.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1r5nfrd.jq68.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-9nlktu.kvcya.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-11y2hhg.o9nu.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-r0urec.o3d8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-ymnpt7.eyr4b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1bn0t51.641f.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-cf6ag.tkpzj8.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-9g4o42.0and6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-11y2hhg.o9nu.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-r0urec.o3d8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1expgyy.9589.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1bp7mv1.wu74.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1j2d039.3eq2.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1vq8a44.1xuh.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1e6e8zy.gqdm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1xcliet.jpoa.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1x77g9v.bgt9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-13ev7vi.iu7o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1uowu9.bbqie.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1iot0nd.mu2i.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-rf64zb.6n1xg.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1uprdpu.ca4e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-11ytjs5.3x83.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1expgyy.9589.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1vq8a44.1xuh.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ioaref.4bqy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-o3cxpd.4by8r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1bn0t51.641f.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1e6e8zy.gqdm.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1bp7mv1.wu74.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-9g4o42.0and6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1tmny3q.390o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-cf6ag.tkpzj8.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1j2d039.3eq2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1xn3vr6.a2hu.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1li4kab.ksv7g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-13ev7vi.iu7o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-2xf1xb.ljw2y.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-11ytjs5.3x83.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-mlqfca.jlcv.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1hgmek7.oh68.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-5a2h3a.qems.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-iflctg.joazd.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-v4fd4z.iv47.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1wpjkyq.pe0j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-o3cxpd.4by8r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-pvg6uq.ifa9k.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1as7imd.zg6xg.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-9k2cvk.cyqdg.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1jt85u0.kd1o.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-uozklo.l9j8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-v4fd4z.iv47.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1tmny3q.390o.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1xn3vr6.a2hu.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-iflctg.joazd.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-mlqfca.jlcv.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-2xf1xb.ljw2y.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1li4kab.ksv7g.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1hgmek7.oh68.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-pvg6uq.ifa9k.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1wpjkyq.pe0j.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1as7imd.zg6xg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-bhdwke.pmge.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1bxd9sn.jt11g.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-odsnmt.g4tum.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1eq5l7g.2pchi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-uozklo.l9j8.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1jt85u0.kd1o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1rzx4wg.5o53.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1te769k.pm04.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-5a2h3a.qems.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1m9ulz3.3mm5.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-qhdcr2.ptmwh.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-lnoolj.yg37.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-11fw1m8.4bjm.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-coqk0b.k1m2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-odsnmt.g4tum.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1bxd9sn.jt11g.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1eq5l7g.2pchi.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-bhdwke.pmge.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1rzx4wg.5o53.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-jsd97d.6th3.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-17fh4vh.v2u3g.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1vg3t5e.is2ff.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ynbk0z.3oy2.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-40pfd4.xmv96.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-r50oir.cuu9c.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1gpnlid.kpns.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-aqlcdy.1vaad.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1jzeaau.3nof.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-5ke9yv.xs8d.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-id5agw.yqxlc.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-grv0et.lcr1b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-9k2cvk.cyqdg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1um1onx.okff.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1te769k.pm04.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1b91i31.ckf8.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1vfrck3.nrb.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-18cv4pa.7jc8.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1rlo178.tfv1.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-wepbfh.bkglk.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-7thue4.pjzks.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ddqs37.7i2z.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-qizvtx.leqw8.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-18kpoke.jif2.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-12j8kj0.qbek.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ky7dfz.1yqu.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1el3kys.vsq1.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1s3hpa1.52ld.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1abq24.w0s52.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1vg3t5e.is2ff.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-lnoolj.yg37.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-11fw1m8.4bjm.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-qhdcr2.ptmwh.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-coqk0b.k1m2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1jsnxau.fdh5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ynbk0z.3oy2.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-jsd97d.6th3.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1jzeaau.3nof.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1rlo178.tfv1.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1um1onx.okff.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-u9jj9e.az8rc.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1glwth0.8lt6.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-ypygkc.bw6q.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-lczgm.7l31kq.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-js6pgx.llj9c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1m9ulz3.3mm5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1flde62.8cukk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-grv0et.lcr1b.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-r50oir.cuu9c.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-7thue4.pjzks.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1kz8pk8.sk9j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-aqlcdy.1vaad.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-18cv4pa.7jc8.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-40pfd4.xmv96.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-17fh4vh.v2u3g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1mv5l4y.46so.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ky7dfz.1yqu.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ddqs37.7i2z.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-18kpoke.jif2.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1vfrck3.nrb.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1gpnlid.kpns.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1b91i31.ckf8.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-12j8kj0.qbek.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1glwth0.8lt6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-xdt4ub.cussi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1flde62.8cukk.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1mv5l4y.46so.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-u9jj9e.az8rc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1gjp3c3.5v3ol.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-k1czrv.1eimn.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-pha15q.0c4w.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-160uhoq.6qv9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-5ke9yv.xs8d.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-qizvtx.leqw8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-2yjqml.2z632.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1s3hpa1.52ld.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-id5agw.yqxlc.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1abq24.w0s52.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1jsnxau.fdh5.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1kz8pk8.sk9j.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-lczgm.7l31kq.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1el3kys.vsq1.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-wepbfh.bkglk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-js8e5y.5ixms.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-tf2p1s.rhnu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-js6pgx.llj9c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-vbv4cc.9ssi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-pha15q.0c4w.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-17vjqpx.pbjl.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-orra80.4b3ji.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-17vjqpx.pbjl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-afy2xu.z9fd6.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-6cawut.hnt0l.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-x51keh.2c2ch.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1o2f9tg.oqd1h.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ma3yez.08yri.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-rwlt5q.rlor.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-s73zxj.hnj8.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ex3fey.zfi0g.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-hn6mpq.l02e.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-nqrwzg.0g98k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-orra80.4b3ji.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-mw7hwy.1sgb.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-q2i6d2.sl2em.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1dumd16.qam.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1p6bbs5.a8pv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-x51keh.2c2ch.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-6cawut.hnt0l.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-s73zxj.hnj8.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-rwlt5q.rlor.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1afr89e.3uyd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-f7vz3k.u4gqt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-tlzfuq.s8pa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ex3fey.zfi0g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-6frm5v.bw6bh.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-svjnkk.rfn6.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-15n4fam.xqjj.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-qpquxe.7he9s.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1ozknk.crvyn.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1xlzxd1.054b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-1676-1wgqh78.khkw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-lg47em.jtoef.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-6pqlxu.cyyak.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-jvl9mp.pj8e.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-1676-11xjfl3.mx0fk.jpg" "

Network

Country Destination Domain Proto
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 panelweb.equi-hosting.fr udp
US 8.8.8.8:53 panelweb.equi-hosting.fr udp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 8.8.8.8:53 r2---sn-aigl6nz7.gvt1.com udp
GB 74.125.168.103:443 r2---sn-aigl6nz7.gvt1.com udp
GB 74.125.168.103:443 r2---sn-aigl6nz7.gvt1.com tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 8.8.8.8:53 whoevenareyou.equi-hosting.fr udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp

Files

\Users\Admin\AppData\Local\Temp\0f73614c-5c2f-4087-8ea2-d46b7fbae888.tmp.node

MD5 1f86d23226fffe71b8784029d8c5125b
SHA1 9cc9bc5a5ca25a682746480dff1677d0ff5ec16c
SHA256 265d11dea86267a478907b398b8b33aad69f0944784386c1795cc32b8c931ffd
SHA512 4f1aaee14c9cb0a76853a15030b525ee082a226ac67e9c90a96bbdbbb9229f6fe48192d63686f72c55e094de45c2a032bdd241fcacc190b71ffdc0fde80824ae

\Users\Admin\AppData\Local\Temp\8aff3ebd-90de-4e5c-88b0-868865a69ff4.tmp.node

MD5 b0e113443ddc1ee234acbf0eb0e6f8a0
SHA1 84cc562b82570ec05df6dbbfc8f29fbb16ec68c7
SHA256 8d6f5cab1d6a99ac49772080c6f383f33a9bb983e0f8d02d0f3de4b2bdd26215
SHA512 306e89ec66fdf8b0de19d5bcda01f69809d83f464a9c21fda4b470e81ad3b722aa6cb6086fb4c2af59504fe4332c1f9efff27168598cc00be0f28fed45dde8ee

memory/2624-9-0x0000000000060000-0x0000000000061000-memory.dmp

memory/2624-42-0x0000000077380000-0x0000000077381000-memory.dmp

memory/1676-58-0x0000000002490000-0x0000000002491000-memory.dmp

C:\Users\Admin\AppData\Roaming\EpsilonFruit\Local Storage\leveldb\CURRENT~RFf763faf.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

\Users\Admin\AppData\Local\Temp\e5c18ff0-0335-4030-aef5-10d2a79aafeb.tmp.node

MD5 08b28072c6d59fdf06a808182efed01f
SHA1 35253af00af3308a64cff1eda104fd7227abb2f4
SHA256 7c999c84852b1f46a48f75b130fea445280d7032a56359dffecf36730366abc5
SHA512 f2592ade5053b674dbe4191c7001748a801dca3b19e97e19b440a3e944011c87926b0ef21c87e98b48e038889a32e01c1d74949124be3144834e2f06d9781198

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

MD5 dec2be4f1ec3592cea668aa279e7cc9b
SHA1 327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA512 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

MD5 810ae82f863a5ffae14d3b3944252a4e
SHA1 5393e27113753191436b14f0cafa8acabcfe6b2a
SHA256 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA512 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCB4802849674B4A68A9D7CB6BEE18D45.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\RES4DF1.tmp

MD5 99a4ce1ce2195ab997b7545f7d3a6a6d
SHA1 b9f3180e5f11b263090bf573278cb04fede027c9
SHA256 8672cb607ec4d263a8f10774342d35828c73fe8c341021db5cea409813650bc2
SHA512 abadb1c85a024b9238f0ae9b38645d64333a41208e9fc2656f6785d3815861aeb851324295525e5c07edc64267db95dcc05d7f4513f33265c044816d7b5ff9c2

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

MD5 91a1d8b7dc55e8f6737b68e989bd2997
SHA1 fff7cab2a6044664645b1e73fdfaed6297612779
SHA256 a77611e9873a5298621162b67e47c7de43ff1ec7c7932804ab32d63245a4ed5d
SHA512 b776211bbeafe235cd42c89c8530d61bae815ab5fcfeeb9c2b0a52d678630fc4087cbd92f16f1187270a89080c98b619871d34ccf49a61b8d6d893f1b29bfb23

C:\Users\Admin\AppData\Local\Temp\RES4DC2.tmp

MD5 69f7b97c8419365a51a902ec5c123898
SHA1 cdef45e3b4dade6771577c378e5fe9852f23d7f6
SHA256 575f34cf500080a7e8ce43e02ee2271002258c749a29c8928634b66bf5898f7e
SHA512 3c9e1b87759930815070a06cb016e0f62fa385724030306fc39f4563622e476b39b9ab65ac256553af42aeacf79dab5820353bd736acf07b6754249f28f161df

memory/2064-277-0x0000000001340000-0x000000000134A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024318-1676-zggbtp.euo5k.jpg

MD5 42b63bc9dee2ec1d7cb141e4ce478580
SHA1 c099f20681adc14349c9a7c6dbf4f03191465ce4
SHA256 5ee1247ed338ef5f66f4202428c7faaa122faca27df73de5d2bca0b10cbeeb68
SHA512 6367dfbe2184a9829af351e32072b094f47812861b592e7332f4c9b4e6d4e1fc79e9089de632e58a14422d7cf2dcd2dbd3072932951c609d242cd39981c4ce87

memory/452-300-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1848-301-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2464-309-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2668-316-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1104-304-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2064-299-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2656-320-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1124-326-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024318-1676-uecjdx.4k268.jpg

MD5 0f69be148301320281d4a1a04a97bd7f
SHA1 c4dd0300864d5f449f14c94c3617a517e26c2e64
SHA256 f8006363d461a96e73e4a64b529a2c34d1f22eecbb31c5bac0d3b7ea6ac528e0
SHA512 8d1029ce6e1cfa923f67bbbd81ff26812eecd690d99151c0357de1e5b80e536ed496602e11b72b0addae4c3923d9d9d5595bf43f6c7933eb57e35e349ce22a2a

memory/1608-358-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2044-360-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1496-380-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2064-377-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1704-381-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2044-384-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2796-383-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2520-386-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2252-385-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1388-388-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2004-389-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1192-379-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2520-376-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1764-420-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1768-443-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1360-417-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024318-1676-6b2kuh.6jw78.jpg

MD5 12df4ae3da0eb7fa5e5bbed485502fd3
SHA1 b11580bb06de2a954ffe3a303c204d82d722f7b6
SHA256 c0d517f801156ca39f9b01df7a10fe20c93950d2619cc9e7bbc8f44848410a8c
SHA512 a7b16721937c3f6d13fcdafec0f8a065fb58f1dc0da19393fa8e8bb8318dffb338dfddaf40fbc19350d2b4aacb071ebbe9c503bafc5eb728da4b9d64936932b0

memory/1388-412-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1608-409-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2588-390-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2796-395-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024318-1676-f762ri.vr9kr.jpg

MD5 a84346a85a4c27a9577b66d0b2287e10
SHA1 3eeb60c96cdfe17bc069321b559221cbd7e28993
SHA256 25cd472203dd4271b2bc4e9c49de23d071cd21a6a283f59df4d755678e9d21a0
SHA512 c51028f5e9c31e540666c625a4654c891fbad68844eea9c5cb1596b205d5483ae53ce5471d62c36834c3e96d21674d2bcbd35679905f6218403bb82860d6ce5e

memory/2204-452-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/3080-457-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2744-446-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024318-1676-r1xbs2.tddk.jpg

MD5 33ea8af9e85aea75870c041026793001
SHA1 66f5c9f809c4b8b0fbc44f0f050757644c87d1e0
SHA256 1f76c208919ded531b99f879aaa0f309fa48fdd3b03e5cd41923eba3d2de1494
SHA512 890c8fd8268c008599b14480e9f243a5a2c5cae731343f2199f383308d8bd41f545d2c74af027906a057370e33d3659bf60042dd24edc3719868162912facd04

memory/1600-458-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1264-438-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2900-461-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/488-462-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2244-465-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1704-466-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/3164-467-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2244-490-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2900-516-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/3080-529-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1768-501-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/3164-514-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2588-513-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/3484-505-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2204-500-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/488-497-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1596-495-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2024-496-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2024-464-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1596-463-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2252-406-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2004-433-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1764-387-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024318-1676-l4ayef.34ut.jpg

MD5 7436b5379e10190fda60fadd5a6dd794
SHA1 10186daa0fae0c2e6973bca78b4dceba5469fb70
SHA256 2915b3bdfb44f97bd6108385d475aa8f7c3fd9a5e6f115d9ab6aa9449a1012bb
SHA512 46a31b1bad3e87348c5cad2e11fab2f71e7bbe1f9fdfea735d66f76b8b4f8b73f8f27848248be037941b6eb3e32bc789bf817edcef58e054de9446ab86bfb8e6

C:\Users\Admin\AppData\Local\Temp\2024318-1676-1a7hu65.bsrk.jpg

MD5 a54ba56f394a2e872c85f37dbe20e478
SHA1 c1a898fa8d68a6c0637b869b08f84c9e3a270680
SHA256 0bc13c24a77ba60a4101fe1574d81ddbd20fe1986dd9da2adff1eeb937c5c9e8
SHA512 2f17c571a54b687214dc4d6a900e470e0887da012998e647da481eb3a493d0fa86df3b980b1ed2f55b6125e5c14246d59188598838e60e43a154b1b271f5d07c

C:\Users\Admin\AppData\Local\Temp\2024318-1676-1kls9q5.5p7r.jpg

MD5 d8953d97e6d77f024a578b4dd3d4ac75
SHA1 127d5222ff1f469476cab5f2e5e3d8baebc8690a
SHA256 d593c5440e30f12b2e0c006f573ffb7df7c57ab519c9d564e2348a40ab1373ac
SHA512 5e1362013133166e638530dd08c22a3d1d25b75b8b50b7edc986a80334797de6afe2c0f3879d00fe5aac112d8d8b7c7335f85f414a2d6d487fbab0a7da3aa3d6

memory/1360-343-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1264-340-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024318-1676-cq34gc.mbz4t.jpg

MD5 d487072dee784c46b933ff1e0d6f6df1
SHA1 550b36056ec7b205b73a36f94a9c67734223c7b6
SHA256 15989ea16cceaf28dc572d6886394c93fe8ba0e1634befca195bd02b038d098c
SHA512 5cd731c0209a277695f5b21edc45efee3580fca2ecf3f8d4e420db1a0b95c2dced67eed25f8a7a215d13a1c931ac1c128314bc49e67b2901a6653736d3a51d32

memory/1124-330-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2656-329-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2668-328-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/2464-297-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1252-296-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

memory/1320-298-0x000007FEF2D40000-0x000007FEF372C000-memory.dmp

Analysis: behavioral17

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:13

Platform

win10v2004-20240412-en

Max time kernel

148s

Max time network

155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
NL 23.62.61.192:443 www.bing.com tcp
US 8.8.8.8:53 156.33.209.4.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 192.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win10v2004-20240412-en

Max time kernel

132s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 20.189.173.11:443 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win10v2004-20240412-en

Max time kernel

103s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe"

Signatures

Enumerates VirtualBox registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4092317236-2027488869-1227795436-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4092317236-2027488869-1227795436-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4092317236-2027488869-1227795436-1000\SOFTWARE\Wine C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Enumerates physical storage devices

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4608 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4608 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 472 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 4060 wrote to memory of 472 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 3820 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 4060 wrote to memory of 3820 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 472 wrote to memory of 4900 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 472 wrote to memory of 4900 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe

"C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe"

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1800,12894975294999835331,17550728567833894288,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=2044 --field-trial-handle=1800,12894975294999835331,17550728567833894288,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --app-path="C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2328 --field-trial-handle=1800,12894975294999835331,17550728567833894288,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"

C:\Windows\system32\taskkill.exe

taskkill /IM chrome.exe /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"

C:\Windows\System32\Wbem\WMIC.exe

wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"

C:\Windows\system32\cmd.exe

cmd /c chcp 65001

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=1692 --field-trial-handle=1800,12894975294999835331,17550728567833894288,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x534 0x530

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-cdwn7.jru5ba.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-1vbmszp.p483.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-nsquz1.pps7n.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-jk03wj.84j7m.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBF45.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCCA81BB3C734A4F3C98DCFDA20CFFEAE.TMP"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-nsquz1.pps7n.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-1vbmszp.p483.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-1gcdhvz.zoug.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-1jpythw.oggs.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-177mgv4.k93yk.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-1nejgzn.g3k7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-1yi534x.0jmxi.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-1f1xy6y.8celi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-bv8379.kc29a.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-fuerax.njit9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-jyondz.qe7nd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-1ny5d4o.jfew.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-11ck288.tcro.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-un9elm.4q16.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-11aeweu.ykzd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-11aeweu.ykzd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-u5r9qi.ahm4s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-u5r9qi.ahm4s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-gh4l9g.fi2m5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-1qjwqjy.9lir.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-hzms6u.jwan.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-tug6vu.uyy4.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-1uldnhd.poya.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024318-4060-oev0d5.v5ell.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-oev0d5.v5ell.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024318-4060-1e1fei0.au3u.jpg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
NL 23.62.61.146:443 www.bing.com tcp
US 8.8.8.8:53 146.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 panelweb.equi-hosting.fr udp
US 104.21.40.54:443 panelweb.equi-hosting.fr tcp
US 104.21.40.54:443 panelweb.equi-hosting.fr tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 whoevenareyou.equi-hosting.fr udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.4.4:443 dns.google tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 54.40.21.104.in-addr.arpa udp
US 8.8.8.8:53 119.176.67.172.in-addr.arpa udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp

Files

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\chrome_100_percent.pak

MD5 9c1b859b611600201ccf898f1eff2476
SHA1 87d5d9a5fcc2496b48bb084fdf04331823dd1699
SHA256 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b
SHA512 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\chrome_200_percent.pak

MD5 b51a78961b1dbb156343e6e024093d41
SHA1 51298bfe945a9645311169fc5bb64a2a1f20bc38
SHA256 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9
SHA512 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\EpsilonFruit.exe

MD5 85f4bf8349f324f0ca541059a8e5a5e0
SHA1 685097888c606190c99c1321f970192158cd5121
SHA256 46aaa87d0bff37acb4950a172739283666e191e5570189f13a98f89d545c1d2a
SHA512 95e7d670b83f5256384f1cc14f1c70250ed1be1fc0eb3bd91386ebdab8177a8c782533f6d60a00fa0cf6eba8995005d9162bfe1395983625d1ec9eafd852be0a

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\ffmpeg.dll

MD5 12cb29b61007fd6cd166882635241038
SHA1 31bacefd2d7238fb5ac77f728bb39a27b400dbb0
SHA256 2e60bc5a05d3e98d12d2bd577d63b6dc77bd1b3734633259fcaf50fa3688ca9c
SHA512 cbfab7708a01fe47904facfdf9604025d6f1c680e40ada0b4c1b1ef35a4eab7de5de96c22d0491c6d202175d2c66693216efab6cfab73e316d466811d834b126

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\libGLESv2.dll

MD5 5300049a47fd88310ef94f9e37eeb247
SHA1 89672d16382a75781eeca002c850c17cfc46e851
SHA256 33863ea4047e4eaae8f24bfa3491bb809d4c3d44489ae2bbe5e3af9e5cc1fe50
SHA512 b38ef83cb40923654ae1efcdb8af63e1fb47f640a0cbeac350b97f24da1365da23d757cacef1f9e994ace0b076b4bc1408644347aec3c94995bb27d184a93c09

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\libEGL.dll

MD5 979b72ca6e98fc7fdcfcc50d77906fb5
SHA1 dc4b874f495ed73c90b39feb566a48a081371c4b
SHA256 73d1f5880980a2ccb8e5a15e285a4a11fccd80754829e85aa9a3b8ffecf39dd9
SHA512 bd4d25a591d1c52d9a4a850a5bccbbf5ec8d174f5f093c0fd611a18af8d337b918464220a4f9591d03582aadf1c9cb392596a5449fb7d0a928889b0f65f8c619

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\icudtl.dat

MD5 599c39d9adb88686c4585b15fb745c0e
SHA1 2215eb6299aa18e87db21f686b08695a5199f4e2
SHA256 c5f82843420fa9d144e006b48d59ba7ef95f7e6cb1ea95b27fcdd2c97f850859
SHA512 16194186a8407b29f799d4b02f5674e4fbd5d91163fad9f8dce6ceedd865b754a681aa960d0f3f1b62cb21d5443879f1b8e9b691c19c5802d5bdfe4ed645b8bc

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\v8_context_snapshot.bin

MD5 c384ae622a7a6c7ec328678af12922c2
SHA1 25165dcaf78d3d29a16e4f979370e0b009ede240
SHA256 977a027c50bd79e93ec015fbebaccfaaa8885b88c76f7e5a2c33337d6d5173c3
SHA512 d0571f5e18dcf14a591a76243d52094bb843b0779630f31cbb66fd738c1c35d10bb7ef751eb01a953305ee19f2777f4d3ca6f9b132199b2af357c0b03185d9a7

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\snapshot_blob.bin

MD5 19f1e25cc7c427dbfb519ce6dc2c7e64
SHA1 5578aa048412482650bb51b04ccbf038155f5c8b
SHA256 b6531c8ff3a288d00e4625cfc5019ccdac9cb8a53e723792616aace3b27f90c3
SHA512 ef07c82a8a3f36bc8492d0c0a964ee57c3bae3188c7c67eb555b9d117739b5a09e44183dbf9f2cf17ac386d7d777b62b534b2f55edec977c75ec3d6b5b535620

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\resources.pak

MD5 2db0729cb0a452b13400e0ad97a46a8e
SHA1 2aaaa7e0e932e7b46958214cce81d60099cfc2a0
SHA256 af41c2d4484ee3b86b63bde75f150bf67f78a6257d91b397b6b15d47b041e177
SHA512 967bcac22315ecbe76c5a1cec4439523a92710791ea6112aedeb2d294419714e7aab5526f868898c6c2cb83886dc98c694dddd314766c2ae373f55f3529a65fb

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\vulkan-1.dll

MD5 ad4a5dcf631afd553b4fed8a269c7897
SHA1 f1bded0b28ee8aed4a52a6d19d871eba4828e0f2
SHA256 3141825bfa3a8cecf8b59767e8b6ac41c20685932d6000b9c6cd0e40ddca12db
SHA512 8e01379201f2a907cff7f32dfbac6b1eb8ee014312755884b35e4065477d8a8069e3188086d7cced11d437b461211bca6abb6e582e98473883cf35faad41eae2

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\vk_swiftshader.dll

MD5 37bba2c66e2364a5b3e6666864f3b604
SHA1 f2ecffd48760482ba055aa50cd78c5ac02d09ba2
SHA256 23e6927733549be11d506b862cc7148b7b08b50b4387837db522ec9380babc46
SHA512 6e7835fce0e988c997049796125b4f2ef83cb9c2e326edeb54d4bad77fa31bf4b4227aeb1db445d3ee21e6cb959d65310a1bbda2d14e567d4123cf6544a947ea

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\LICENSES.chromium.html

MD5 df37c89638c65db9a4518b88e79350be
SHA1 6b9ba9fba54fb3aa1b938de218f549078924ac50
SHA256 dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463
SHA512 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\bn.pak

MD5 124d35950327fec461c07dfb6dde72eb
SHA1 f3d7791dd6bdf88f65a62ec2e8170ee445b6a37a
SHA256 def934201f35a643c8b097be42fe86f2a08cef5523cb61e2d94cb33ae373f502
SHA512 05a993c9ba52083b8a7f0b3662eb8e4a873d23f309d334cb4e4088fa5e33d8503fdc6d19f247c4920cdd91a165995c514b2a061c26fc44f89e864516ffdde9b6

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\et.pak

MD5 3ca246cd997a68bb4a6daa8b3b81908d
SHA1 842bf5f6bdd29ccccb24ea412497acdb37a5f805
SHA256 25c1e1306160779466d8c039ea296db65d12dcf21d2ad794a36ab62b1a7901fe
SHA512 32135a0c29bf666833292b557634d4510c185f711d7ad8625e981811ea082dca0d1714f481c9c8ce8b3acefd18469093d48fc05bc0160ffb87d1e2b90f4cba1c

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\lv.pak

MD5 fe9ff0063f35ba05d27cba720e2e69d5
SHA1 16a87c24f027eda9865df7090ac8023c7ae5b57b
SHA256 43bf3b7181b607d8769da6c2cf671e2a429439aee253dd774ab5bf5aa5fedde0
SHA512 794b1b87ca400798574be56cf8da9adef78f1f9f91dd42fb23e6355caf0455f8d982f2b3d9bc252673704375eb4ccf32d58ed1cbbadf8780590e5777ef41c035

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\te.pak

MD5 1eccb7be373fc3144ada2df9e493cc07
SHA1 eef3e05afdf910671a046cf90291c17731bdb378
SHA256 bd0a936ab62ab6ab172a192b7c082b824706f6b3d88580a6b6be32809354fc2a
SHA512 ea30d14fb7c2ad54263e12eb8469e6b058afb30448900b55d944aa87e266d735f2a04d2f29303087f2d13f379483d681285182e6ad2bb25bf36e311828e2a08f

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\zh-TW.pak

MD5 ad19e8ac7f2b5e5f67b9f5671299d19e
SHA1 4a6936a4971c2b9a414f40de3eb5dafe1b5b3e52
SHA256 e30d22153e0860246c8c37855a385471ad1e74e1eadf56476a1ea980f9204d86
SHA512 4f283deaad6ef0327baf7cdfef063293d27c1746431261553a6c7925832fe77c8017c6d11f36c5ec657ecd3b563099c9e35bd2cbe52c12ee734f4bef9bffe077

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\zh-CN.pak

MD5 c82a124cc6e87ad403a67007b9c1fdb0
SHA1 1d4f1c0a3cda7d4a75a0f4035bc6d2718102f09c
SHA256 f597245963ca7b42b2a7e5e80af5258972002fd4bcd3a21c875e4051df3eb1a9
SHA512 5e45df31658039144316299879b4f1de7eb157fb830d08e8d93d3ccc2e033b1f8e2f59d29e11785ac8346988d5ba2afc373c01bc4a58ba3cc4439d9aff1ada87

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 41d3387761bbb79d4820e8d242561027
SHA1 27dfda8ce933af12578fb64f3171f40f56bace55
SHA256 ed005ae1d388e0256e9ae304933980897ec2cfa957ed5babab6ae2a5dcf5c5f5
SHA512 cc396d0c2a94c31b8a42697f456f74e8ede1ad1fbc7eb1e4983544166041ff878048f60af9b1525320770ee477c63d6c466746c2c33fd30bc2d7ec903f8af944

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\swiftshader\libEGL.dll

MD5 2ffc36c5555a36a4f26c1aa7a8108b4a
SHA1 2ec38b17a0e9d5b0a4c397921aa4430607d32edc
SHA256 f8b8b96cc384171268cbd543d9486a97b2f2066d45ac118421ff974baf18d2e5
SHA512 0df87d336e223ade77eecaee88d8af2832f1cec3b5681699646e0be933b3f0acdb3765492e9d8fd713453dea2a7fd38d46c201c96313a06a484f23a78a716cfe

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

MD5 d226502c9bf2ae0a7f029bd7930be88e
SHA1 6be773fb30c7693b338f7c911b253e4f430c2f9b
SHA256 77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f
SHA512 93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\resources\app.asar

MD5 a7137dca7de6f4b158665747e1d23230
SHA1 5a084cd5dc3bd18c3752deb10a09af2a18ba0db7
SHA256 3491625cd82fe90030a63b697905000e8eefe9bdeb9597680882498a2a46611d
SHA512 c80c86375169aa6e46decf2ebe6b13ed3b976d8aac17618868ca6dd906014a7a33774791198905354a53e0f6625a9776c2c9c68f42af08c7f3181d8717f25b11

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\vi.pak

MD5 806b7d282e74565b95264ebbe6794d48
SHA1 3aabe2d802283fb9b3ef43932c1b7638ef6a1053
SHA256 7b4bf97b78a07422359b709ea17d1d6aa038e12ec420cd0fc7dce4b313fe4af7
SHA512 7380b7a2b239932d1167f194f81a1c867983fe318a1e48d246470de0c94837edd6c0a641e06f888e36ff5041fc2a69d19cf1a46bef816d07fd3ecda42b84e524

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\uk.pak

MD5 ba2462d8b3b975bb265bcce6a3410cf6
SHA1 3caba82b3e14350a33711db68d98e6d211ac9fe5
SHA256 1dc63c538f6b96cf4e70284c078a6e18f58f599db2a2ec594da23b244944c9cc
SHA512 a46441e2c97032928dfc19b178cd3261887b7076917a4fe829083151c8298703c3921001cd62c630b35504444f069973605b487c954623ce16682491fccb7d50

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\tr.pak

MD5 2bcae092530d06fba9b23492ac4a1d6a
SHA1 4114af7364210a4bcd10099911083de2abc25d40
SHA256 65105386d6b52445fdc7660648259b43a04849a05035d749858d9f64d4209836
SHA512 e87778246b98d87f2f29e2abb02290b829cdcb753fd9b184fec61b0523452e262527432b73a11eba86d547ffce2ce00b4180ae8367419e2174b825ed290345b3

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\th.pak

MD5 1a66feba0d44231b935d83a7f36a09a0
SHA1 3e674234b10350ebec218c904a9c90f3edd29711
SHA256 11fd04f3b33d09041d646d34e61fa15b96c12dbc62e229b64306356de6155cac
SHA512 b7617094a6d27670c0720dc5dade4a866ecdd68c45c1b9e6dfe1c3074dd1957bd7459210d111ef33727122666b24c2449cce9f3e903aae59dcbe438b38c8a021

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\ta.pak

MD5 3dcd0523ccad674f2e93de57ad0082fe
SHA1 fd4a28ee288a1f33ee7260ae80df93aae9718039
SHA256 72ef4527f01018c90c583e48f37d20bfa684012bc00cb9ab5ffa3e222b9c7f3a
SHA512 2ec95b89051b019e98e6a1852e5e89e1c985a10998af1cb2603e5766698a2880355d8e6b959e60e9edb84354e99d0286708027c39a8add816c172ad1efe35b49

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\sw.pak

MD5 89c5dce32ff87d5fb2b8e815f7e4cbab
SHA1 ca3138ea6103a5ba39e35c53e980b44c9889d386
SHA256 ca8d57f632880f7b736ef7f8c5f35ddc867e50919b1f7d835bae76f823ebed13
SHA512 9e3ded0e33f9441f31e95317ac6a7a140ee5c63bea8b1bf8c03952804fb6783e61e7971d5cbe1c698d3c4067233b78bf37099054fcfe38b091829f5435e6d435

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\sv.pak

MD5 007d56b78104f7e245f7c84f07949f25
SHA1 8e3104a8c26f8418f44e19640d9babcd68a640c1
SHA256 e6c9329d7184190a0282f6440dcad5531f9656514a37b7dcb5a510ef17f3793c
SHA512 30c492d48aff33af8a0290cbe29864ff5c7d46dc50f5c4c6d5c96e6aa273926840b28b78958070e1534038e66c0142ab65153d32d28b56fb5dca28844370a946

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\sr.pak

MD5 0cf9aea120b76672d2b5e30e928459c5
SHA1 0219aaa5d84847fe86762baa82b7b8b301239c9d
SHA256 b6aeb180462d8f312762a419b45c910929e2322d45bbf2b84b0871ccf7838945
SHA512 e79a0800571ab7b64602db4941b689231edb20d65a89272b7dcae53426b7811791df8f6ef174c83680a6adf931efc3d47f133b971254c139e8b04953b8a10979

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\sl.pak

MD5 c20064c5c0dae644ce4ccc0a2234c128
SHA1 a50411c1431ae1f4fac74a34f1716809a0623380
SHA256 576891a9a61b9cd50024e507e93d32476332977db8e29ef3d46427015d4d26e6
SHA512 04f979cfc813c6b1d3a5d9b3b306c415529a1fb72e415e2742ee25ccebf04bbe3abca91bd66aa3633a97a1383f3c4b915319b8d0b25c0ef6eb8c2e08312dc01e

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\sk.pak

MD5 3ee3730ba0f6894f2651e4e1be37a214
SHA1 3a3adb77fcb6d0514a221e6671d815a1cb7a2c35
SHA256 23c8d9722e0a2e22fbc8ae1bebb9cff456fe026c986a211565fa9398376e64af
SHA512 000928407693007645230ab593a6055e6005e6c2cb362057ce8a1915ad96030a03b134ee20e3197daac9920c69df188867d3c5a603a3e36c2eccb0bdcd549206

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\ru.pak

MD5 d269143626296c69906523810139e9af
SHA1 43abe13a4837892644774bf06eb89cafec49ac95
SHA256 b1bd2d1cc678784ab73a691d4a3dc876be78eee0a30661ac2666a9b8ab864ecf
SHA512 76b0cc1841dba7d4b4175b0c10d6c36c7f3e8ea4ad0b4e4c091391e2754913cb6c02f0285b73372d604a395b23995998090a0c68b607b4106226b7ac67ceff23

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\ro.pak

MD5 1ab0cbe10cb7c3d5beadc7b04a881885
SHA1 eca1fe3842b4a1b070a0f9ba1a27fd3e6284ba80
SHA256 9a80b326b712debc0d6e9639b45352fed1c4a49ec37490b49b8506c636fd2947
SHA512 581e42422db7ead773990036ce49a5d2589f3af610604582a4820dcee1c37d2923fbace738a42cb8b87407915e1693bbca6a2234a0716c7c8d875ca30915289b

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\pt-PT.pak

MD5 b7598cb8f05f465909ddb0045d60162e
SHA1 b794c944dd5287e550a3e46bc9a0584d3d753eb1
SHA256 c338f6de946cca52c457d236037cf1c9f13b6c73796b713f390524f321b401d6
SHA512 a53e9d6af760c4aebd418de134ba23ebc27076b02082e9eb1afb1bb7ec93a45ea22a4961c49023d7ca8b2d3aa99462ec35180797982a481ae823ac19b4b96f84

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\pt-BR.pak

MD5 7b7bf21b01ccfb27af8cd37d738f1106
SHA1 da1db09ee88c005610ed08dcde1b2cd73bcebd84
SHA256 1feb01da1f443fee8ff01c3b585d8f0ebe6a5e242483cf6f0f93088e76913e76
SHA512 ea0bf1357616fd33b41c7189eafd2948324bbfdedb043974dcd0f78693fe868a4d37ee2c0e979d9795cad63cbe70fba0794641beece737886cf92bc29622e464

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\pl.pak

MD5 def25f809c246d15d8a2f41a78b504c9
SHA1 4462b50e5613b1519987584d974fa0efd1812ced
SHA256 165005f81f071a315d0c4183fb3bc899e464c4cbf2dc450ffa09ae6bb5d517d2
SHA512 e6f17d5426ba98348209a51632db0cfe19287baf3752948bd76acb77b7eca51aae905adf7c316b17cc44856231d034f044cc056b0e0f1ce3b4999dea29597cc9

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\nl.pak

MD5 6e404adeb945cb7952a8c4129e098759
SHA1 a870715beab03f3a53c74b5aac2f314b517184b3
SHA256 7531e450f725f7ac75ceaeceb09155786d367a4456f4e71e7523af9219748434
SHA512 30917740d923ca25fb9f3c32bca100d58388f5c6d3516a29f3a39d1ca8ab3e4058b271224c8b9554479d91718cca3dc1c9cb08b38b19ccc36a0d57ed0146ab70

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\nb.pak

MD5 23d5480b833f65f1f55cc3bbfbdf53c0
SHA1 639eff4556e4d6c879abf305176f23c014927042
SHA256 7ce821732e743c2da1f81527355226df11a21eec137940a034afeb34618c5daa
SHA512 b46b25a4dc294dab0f34e5ec733dfe7e1c73c6ce2817640a620e9a0c196292a7a4737f0f10806efba4d5831d5a2f0833925083983927b0d74cbc5c46e9c8b953

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\ms.pak

MD5 63c4977a1e8f5ab37881705d084b47ca
SHA1 f716932d886b8a5441397dd6a8625cef88e85bcb
SHA256 8b18fef24ad28663e4dc5a5113a35111a78b848d70ea7fef4156ad75bdb4fea9
SHA512 3afd4f8db5a0880319b13009bcdc14892b8710b2ac91dea8641f1f632866ac564791f1d302e1208aeeb9977e613fefd6bc7c0a0fd5cb5d031a768362bc0d85ed

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\mr.pak

MD5 da44d4ade4c258629118dbf534f0c2cb
SHA1 d93756c9d2d2db7755b4b7d47042a451435cca7d
SHA256 fcf1d938863cbc4d4a1d62de0eacbfd17fee4a0f5a9fcc09627bc22a98e268c4
SHA512 827c291ccfea31799e2fd48ee35aa179006a7bb3420c0346b5f1291abb4560f84b952a2bae820ef129ad77719edb16873328e7f0d030f9e2970e0c620fe59328

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\ml.pak

MD5 a66617706e80fd5ff8ab6ba8dadafef8
SHA1 3718d0afa1bff72ad7164e41cb46981811583422
SHA256 51b2c600046abfa5774b85665d4c882daa3c90bad5559185f9335ff61f04fede
SHA512 4de6fabef9db34791d0d165b5064e68ffa19630482219e4c72e6dc0f9e9e56b1941297862bb2e267cc02c3d3327193a233f642b11cf74e1892270721a2d7dc74

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\lt.pak

MD5 720c1b3c95e8613f2cd9e40f3d160ed6
SHA1 1ea62b51f1a2c80b92e3348de260032427a9c79f
SHA256 51027bfd566fa26cd561f9bbfd2b4a6d2e41e0ddd786b7338cecc43423b3e6d5
SHA512 32ad5243df09d642e058550d2ec58a8a8de00cc442da551c195958a95af7c82c4d2b63b27d474a065b0ced5680d3e005b2a36301d02fca09413e165089f47822

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\ko.pak

MD5 e2a95b73f9081efce223a180b7791c16
SHA1 addd6ac05707597b917ff9f7c3f7524be26df7ca
SHA256 afac9566a4e1fdb2be75faee46bf9182f81b85373d60cb583f1051b12d9719e9
SHA512 70eb91347c21f0e648e9fcf82ffbef5e3eeb6c0268f85fddc7ad4eaea2e22eadeab653476196240a75361505f40b0bdf8602b0f414faaa77354f0fe76ba4e09c

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\kn.pak

MD5 5a599f47d2e2ff1aaf4c8ccf8bafd10c
SHA1 32aa52f2e90348725eb619187272e9c5a7396bd9
SHA256 e55425a4ab6425f60a9389e5c19dcd5bf437816ae09a21cd53750819040143d2
SHA512 7ecb69b70d5782e22ef9047fbfa29c0778e894c5cd987d33d65e68616ba2a42a133abe16f2af70aee4fdcb34c7e8e3d3bc3c556c754a010132610628516ad456

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\ja.pak

MD5 640bb80728453be0104566caeeb8eb82
SHA1 362b46036c58421f4b0f9b2f714b21e244aeee44
SHA256 1bfb337c19c9d04bc53df2d2eca6b73c11df33b6fd07a6a3fce5427ef0f38cd4
SHA512 1bd764ec56166ac59fd2acb1ac81140bab2ba7f326c0bbdc9cd30ff6246fcdd98e49310b0528fb0d8a9256ac06ca3e145a3906a1815dbe395d989443650f81b0

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\it.pak

MD5 5b03bfc915b62aceb06b9c670fb77e33
SHA1 9c88ef98dea5a7d7be8571354ad3c033033a40b8
SHA256 1f9a38c852c05577aba397c388b35037eec6b9d90593800b5b57bac437b42684
SHA512 b22c4db0b56c136e9263a15bb2a31a9213ac20321b189cb0572bd1f0b0b9989a7e698d94750d9c5d01557f4b247abf9a8cff1940bab03fdb737a8276d96ed1d0

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\id.pak

MD5 39378b548f712608903ee8aa25db212d
SHA1 7f5a3466a4c8609c6bab7ed3dbc9fed52cfe1e62
SHA256 426a302448ec17e313724b38bda9ad4d5c031da48a1ed3690b547b51a06229a2
SHA512 7d2d823445316f5a63df286af2f1e28b90b8e3a04aabc835020b17f690d95f7ba2d0261876495345876cf826fc57dd0a9577e79af7e609adb8c71b8b4ff03550

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\hu.pak

MD5 4b5fea4bd49738337ab10bb3f1e6bda4
SHA1 0f27220019e099b658a9c563995dc2b022fb1d68
SHA256 e526c9c9a8c4d27c432d3cc30766fbdec6c536b696a7ccb7e9376f0e55147b90
SHA512 4e271f8ca0028ff5b8a86e8610174739d2d2b7a267381562bbac3543d03f6895b3361c2f6fcfbcaea6f5aad1690e878ae0de5c905de12b213c2c5c396caafa66

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\hr.pak

MD5 ebdf0ad52e9a0f8c8735614775ff5a94
SHA1 787feb9f703daa094814464b090aa5d36725e007
SHA256 b9c21e5187e8649157f5e49e014b8c285866ec839638344a31234b60a17e7d47
SHA512 e2853884687393fa2b0f8e4b27af5664c223fd5bb2862e5ef788f912771eb9d61e7ca1fc39f29ab679f49986b5a95b9da44727c69c99dfd3bb8ea2f4e974ada3

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\fr.pak

MD5 a17cca5f1db7cedccda9c5a7784bebd0
SHA1 c5e0a0d24a14a535406886c00ad10d20638341b4
SHA256 e8da96855f7238a6ee3162b08d46e5ab84d98179dabf535060ef5fccdb36bc79
SHA512 0bb2217e44f1c8cd9e4cc2127454e1fd137c6fa101914bd230b9089d6317f599c9dfdddafe3d5cbc0fdc036e7b4f6e5cb528bddc572b5e26c8e0322f1a7d0b97

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\fil.pak

MD5 7c3df3c13393e1b24e4e96f2b9082a6a
SHA1 caae1c99b589e14184e9f2c89f698a2558f4ec3c
SHA256 27196aee4a6248bee44ea2b5a3de90ccc2cd53f8ce1beeb796aa4d7e25bd43ae
SHA512 2d85d37d9560cd6ff460e32c3c569851ae28d794b5319ce74c010cad527c4004e54c993d5440bd22d6e51d86c4c4683f8db03c38abca4839a10e2efe46ae35e4

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\fi.pak

MD5 a3b5292c5e2e981dc4ce9504f638a542
SHA1 6cf480f3d7cb5df71bdd4089a1821f2eb2dacecc
SHA256 f4f2438a3810ccda4740442cdd964e43883cdeb820715cbd7be03cfa6b1e55ed
SHA512 6ed819896e2aa72d73bd2af731f7f714119fbe7d1fce5909d1a9d9ecb99c6369505e6d33f1f9ebadcb0da608f9aec365bc6cb5f6e22373d577cced7e317772c4

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\fa.pak

MD5 46412682e8d0743714fc28a520aeb35d
SHA1 dc6bd723efd460a56d205bc199e3be4c98698ba4
SHA256 9861d5260b98b384603ef02e97dac0295fd255e550b57fd427bbef24b1cd7b17
SHA512 c77c5344c6a7af4035f865aa7e3a3aaab39b11c4a3bdd94aa99f15dbc6ec7cf4b6057ff48fd55e2ff41041728fecf80dcd488578dc1db249ab1b7598fa438f14

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\es.pak

MD5 09e0feb85585bb4a220a3ab3f21adb9b
SHA1 e564afb37d5f5305585ad1081a26b34ebee73ccf
SHA256 cf7ea140dceac78042e0d35da45a4fe732eb04e1d2b138bee4cc2dc5e7e9a0fa
SHA512 8317bd2b4f509edabac1a74ec32bcfd54b14598799537d90178ec349cd71fe967d5c677403c85e305a6f2e94722c20a83e65c0bdb29a6265c5355683856f4ade

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\es-419.pak

MD5 f9958dd6ce0ce1acea070bbf317b1160
SHA1 0dbc4020e505a053cdbe6a0a9506829498a8a25c
SHA256 ea868929f537d48e846f86020762c59c77a0ec67765c3af22e08fcc853f94c2e
SHA512 35a6e5fdff6b4e3a076eea70b7c551f1d303b4db4e63aabbbde54b4fefe40d750a03440bed7851f12750661ff8b87c5ce3382b0c71d0e171f729a7a82f968cf6

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\en-US.pak

MD5 b58cb46758c6bc8fe4385ec2ce4e50b7
SHA1 34026e96e02220cea46a31c2319f695ca2e0a914
SHA256 e34c459684971971765943e8b5b2d1751b329a9502f0fd6649679823f725b8c3
SHA512 702384f9d6d77da08fc8c49a5f65957c56e363e1ad37f9d0611092d248db1f79636a6cf336e55669e002194f589f584b5663b4d77e54fa95e18f84eb4864d7f5

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\en-GB.pak

MD5 05f7b55019ba0a9da84073cec0a954c3
SHA1 b46462fa8c614161ec42fa791e4ce3163c92ea8c
SHA256 a690e642a6b781efc3da2e8c83e554d6e8b9ae6ac34f6f0a4f327dd9ea7cb7f1
SHA512 30e93503db60b8c7a8dc902efa960583316cb83337eca102f0bdafc47d3b59ad5ea1eb99b5b9deb0ff66345d551485963e4c61ce555298880aafcd298057fd34

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\hi.pak

MD5 815dfb3eeb9a69919ecf2562b6d4ad34
SHA1 2d0fb4c2a19b7a991974783b51b13c7b3610b686
SHA256 a480e95a5cf338a90f7d077e4147f45696db9ad6e8cae1765ccc5ef05fb48505
SHA512 0e6c8374ed7f6f3b523c2dd5455b598ab0650da8ce3a8243a1a42c6327db9a694947a508a90edf95685c84120cc73964a16c7ec49835ea398dcc6186d08ef1b0

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\el.pak

MD5 b3724a4dcb17bd341da403acfdff0bf5
SHA1 05fc9eb29381f1befbafb937c564a87205779264
SHA256 0adb6e5173572ab4a3df5671cf053196f158294bc1e07275a7e6fb6d8da81b06
SHA512 3ccd57eb43840573bbd7e6d8b24028213acf58040b2795a975ca4750e4a9500d8af74bebac1b47f2d9b87204c68707d53b0d927c0aeac1fa1bfdb1c899e66f37

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\de.pak

MD5 8e560e240bb79e453167f70409226619
SHA1 bde183d2191d42797a300f0c4cd83e1db278c928
SHA256 61c4a4b5c309128ba86a5345db04798be0680905543c6986f7b3cc4b1ba72729
SHA512 5564555eb203fe86e9630dc223e4012c7e3501d68554b6b7138a3c6064d39b868e7e2e0e8b994169e918e9c6f67066440b89c7ab10f48731a84fab84c2e7ff82

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\he.pak

MD5 5db44f8dc63c819b0ae2a5458e36447f
SHA1 6b440ad4bdef6acd31ca8be5d085db26a49a209b
SHA256 bee5f133cc85f8ca280f9f41df6790aa65161fe8dac8dea7e26fc609240e84a1
SHA512 cd0d104597c5c926480443b5d1a16526ec0e48c3d6dca6233ec7cfa63f01f2f5674d9ac9a86a45b789a94fcb3b63aeaf92351bac2f4920a25dd8d4fcd1edce19

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\gu.pak

MD5 10c1dc999bc7ab62e1f26b0497afa7bb
SHA1 68da1055b8acdf016b152a2f401322d3d76885b5
SHA256 b9690f3c550deb0827e409015abf3bcaab01c9acd33e96932e85ac84ff4c7831
SHA512 c10a956fdfab446b74f1dd2a169201f0b7ddc4ff1d7a635b9c81f07942ea0d34ea327e2e7f07e3a672ac85c8b8ce7a0e871d02946da4fb5e8e75713e56cbce61

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\da.pak

MD5 66e780528890dc0f484a3d6938ac281a
SHA1 5f46f7915cf101b88d29213b457f37e24d5a083e
SHA256 e698945093c1f562d0e591c03d9670a9b01d0eaa56a2c80c1d12d91d88b7b407
SHA512 9cbc2b054bd3f9d39050a4a189fcf0127a43b9991ecdc9453679c53b38cf8a25138057648a756e01fc9b4825c009a8894ef68b94faca83cd35d268fb05556af1

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\cs.pak

MD5 2c9e55ed46954a8eaa27105f3f074ca2
SHA1 bb4a36964cd1e8f140c9937586b5215fbd7a9632
SHA256 86f1847450d5c341893fa097fa6d4e0964963c0c2466a985d014dab0b65f34e6
SHA512 cf7141a3db9d44c0940e88ded1f326b5ca4031d18f8a8236b313c6a6c41289e9dfd12c3367181edcbd5425deb584b082df004bd6db0ca55a1da151703af575bf

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\ca.pak

MD5 90d8b16ace2fc684d0ddde0d71f64831
SHA1 ead7dbeffb3c102d3547c8c256135991b547ade9
SHA256 020350f4a902c79e0f1f5366e209b2c309ac51b6e72d9ccf51cdde2fab756e3e
SHA512 bfeec65e7c001d7a29c18e6bfc2b4c6688c828419d0e9823d524a7b35c24a3303c1cfb8f14a98d965d4ab41c5110842ec64cb7a2928309b0bd31291e85b168b7

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\bg.pak

MD5 8448caa7a70f74dc0c6e453e7487bedb
SHA1 a7f67df94ee9532d26c6e6e827d61414f4516d0c
SHA256 19f49a247dfa1328799a1be9a556d940618ceefc04a5dfd813e5c023d086a41a
SHA512 337293839e64f514152c7558f2d1cbb301730675936ecfc11242d1346c9da535896dddaa8ad563a40303cdc8884f80af679c324b31325d40b7141a8738ab14bf

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\ar.pak

MD5 d7eecfb7cc52b3dfb69d8047dc6aa12d
SHA1 fa5e4e98395c4bb14259c2e3c36fc84b55f0c3d5
SHA256 e38cd21fb917db4671ab331ee505948e109e2a0c6a2f3ad0e64d09863efb7df8
SHA512 2ebc6f7749e50bb3a9c27d2235be1478fc2d58a7b6f5c4cbbda09ad4f28ee3873881dda16ea668eeb63dd259a23ac68c73e4ab4295d51a22c36284d9c8667ed1

C:\Users\Admin\AppData\Local\Temp\nsb7CD2.tmp\7z-out\locales\am.pak

MD5 b319cd4192f5bd03bab4644ee51e4ebc
SHA1 49c52f43f542022a97d2ae18a56a266deb901496
SHA256 ab1d0f3bedb5806fa7268773b6193928cdb40e641d8563c14df1bf962434d5f2
SHA512 3fe8284422bb7de7f2e3e121b8657b7686586d597b4d453b2e38f119fd25bddd61c1218f22cc8e4bbf37f393411bb866c0d6c166207b5bbfeb45f5459e29e370

C:\Users\Admin\AppData\Local\Temp\f28cf986-1656-4fbb-a592-09e7050830c6.tmp.node

MD5 1f86d23226fffe71b8784029d8c5125b
SHA1 9cc9bc5a5ca25a682746480dff1677d0ff5ec16c
SHA256 265d11dea86267a478907b398b8b33aad69f0944784386c1795cc32b8c931ffd
SHA512 4f1aaee14c9cb0a76853a15030b525ee082a226ac67e9c90a96bbdbbb9229f6fe48192d63686f72c55e094de45c2a032bdd241fcacc190b71ffdc0fde80824ae

C:\Users\Admin\AppData\Local\Temp\5acf11db-dd88-4205-8f6d-a791613e559a.tmp.node

MD5 b0e113443ddc1ee234acbf0eb0e6f8a0
SHA1 84cc562b82570ec05df6dbbfc8f29fbb16ec68c7
SHA256 8d6f5cab1d6a99ac49772080c6f383f33a9bb983e0f8d02d0f3de4b2bdd26215
SHA512 306e89ec66fdf8b0de19d5bcda01f69809d83f464a9c21fda4b470e81ad3b722aa6cb6086fb4c2af59504fe4332c1f9efff27168598cc00be0f28fed45dde8ee

memory/4008-573-0x00007FFA27220000-0x00007FFA27221000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Temp\a5779af3-5f34-424b-b062-5a743f93cbad.tmp.node

MD5 08b28072c6d59fdf06a808182efed01f
SHA1 35253af00af3308a64cff1eda104fd7227abb2f4
SHA256 7c999c84852b1f46a48f75b130fea445280d7032a56359dffecf36730366abc5
SHA512 f2592ade5053b674dbe4191c7001748a801dca3b19e97e19b440a3e944011c87926b0ef21c87e98b48e038889a32e01c1d74949124be3144834e2f06d9781198

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

MD5 dec2be4f1ec3592cea668aa279e7cc9b
SHA1 327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA512 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

memory/4008-675-0x000001DFFF4F0000-0x000001DFFF599000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 88366245c06bffbe26d0f463e7233fff
SHA1 266c2f1c46450f83d1860d60ecd40c38702b3d5c
SHA256 11aa3ae3aa32726b2d6466ce7ed2e593c13e0a025794e96a9cdce2e66bbef22b
SHA512 bdd63b322f3b666557a82d115e452fc7a9be0fe539d90d6c8b9dd5c1523df8df6c8c8b5875c9d284634ddff81ae80e2f3ede239357a93c691a0d74e1069c4bf5

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

MD5 810ae82f863a5ffae14d3b3944252a4e
SHA1 5393e27113753191436b14f0cafa8acabcfe6b2a
SHA256 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA512 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

C:\Users\Admin\AppData\Local\Temp\RESBF45.tmp

MD5 bfec79df8953a8eea74acfdcbcc0cae1
SHA1 c15f2ebc6be2ebc1c1b7d86bf3997dc2621320e8
SHA256 1b1b07cd0cc26287c52e0e5132f5b6703e713a3bc91af11c89410cdfeddd2977
SHA512 dcc6ea2bfac256f57c02c6b6eacdce0308a5e1f1a8349c68c2b2b7a203bf26369ba52c118805a61258ab312f7c242e2d42e3ea51b55963164538c091bda6ea37

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

MD5 77b2ce2ca88b9689f1ac3489e40dd10f
SHA1 bd46b55cfba4c140d5a2fe280fe47538e37048c7
SHA256 19846d443a68688d4bf79304ca023d9d56af93dc4f94368f7923211a7d7e0728
SHA512 aa33675f75be8404a615ab51cea99bb22c684aa31eec1d7865f0f8f3eba03c0853c9aac12d5ce0d2ac3b4be3d65eccd4e607272ae7f480343fdb570b9434871e

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log

MD5 f3ac7a0e31b9af1b495241eff29915ad
SHA1 286fe23eba741cd3fca3f3e9a919021946655392
SHA256 f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a
SHA512 b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210

memory/4380-748-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/1740-754-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/3932-758-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/4272-764-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024318-4060-cdwn7.jru5ba.jpg

MD5 a6127e410b4ec14c00354fc6c61a1fd9
SHA1 ed6d76d9b437b2d7b6ff5fce0808dbf99b4385b9
SHA256 279cc428ea25f5f6afc2f083f53feda8d0ac3754e83e96ecada44c6a48530ca6
SHA512 afdfb0ae5a5fbcfa3d822456f1fb87860cb03abb335ca5408b4c2b4682e29b33491dca5d7424e667520d92a65711037b9ff2a9701f673dd253061fd586a43445

memory/2144-778-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/2076-804-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/3532-808-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/1716-836-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/1840-821-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/4712-825-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/2168-824-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/1092-847-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/4596-861-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/1556-884-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/472-883-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/3028-889-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

memory/2400-919-0x00007FFA077A0000-0x00007FFA08261000-memory.dmp

Analysis: behavioral31

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win10v2004-20240412-en

Max time kernel

0s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win10v2004-20240412-en

Max time kernel

140s

Max time network

163s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 52.111.227.13:443 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win10v2004-20240412-en

Max time kernel

110s

Max time network

167s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 163.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:15

Platform

win10v2004-20240226-en

Max time kernel

156s

Max time network

167s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4288 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 172.217.16.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-04-18 07:08

Reported

2024-04-18 07:14

Platform

win7-20240221-en

Max time kernel

121s

Max time network

130s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2372 wrote to memory of 3008 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2372 wrote to memory of 3008 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2372 wrote to memory of 3008 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2372 -s 88

Network

N/A

Files

N/A