Malware Analysis Report

2024-11-30 03:17

Sample ID 240419-bhny3sdb81
Target 3b75fbd96388d92a64dc14d9aeea8235.bin
SHA256 24c7d715a80500ca4286152f6f418ec753d5e7e95cd400a56c2df5d63ab1ffe2
Tags
epsilon evasion persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

24c7d715a80500ca4286152f6f418ec753d5e7e95cd400a56c2df5d63ab1ffe2

Threat Level: Known bad

The file 3b75fbd96388d92a64dc14d9aeea8235.bin was found to be: Known bad.

Malicious Activity Summary

epsilon evasion persistence spyware stealer

Epsilon Stealer

Looks for VirtualBox Guest Additions in registry

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Enumerates VirtualBox registry keys

Looks for VMWare Tools registry key

Blocklisted process makes network request

Checks BIOS information in registry

Checks computer location settings

Reads user/profile data of web browsers

Identifies Wine through registry keys

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Looks up external IP address via web service

Checks for VirtualBox DLLs, possible anti-VM trick

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Detects videocard installed

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Enumerates processes with tasklist

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: CmdExeWriteProcessMemorySpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Enumerates system info in registry

Kills process with taskkill

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-19 01:10

Signatures

Unsigned PE

Analysis: behavioral21

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win10v2004-20240412-en

Max time kernel

110s

Max time network

141s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"

Signatures

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDBC9.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSCF7BCEFC0B1AC4915919F48DE3F456F52.TMP"

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe

Network

Files

\??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSCF7BCEFC0B1AC4915919F48DE3F456F52.TMP

C:\Users\Admin\AppData\Local\Temp\RESDBC9.tmp

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

memory/3712-9-0x00000000009D0000-0x00000000009DA000-memory.dmp

memory/3712-11-0x00007FFECBC50000-0x00007FFECC711000-memory.dmp

memory/3712-12-0x00007FFECBC50000-0x00007FFECC711000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win10v2004-20240412-en

Max time kernel

148s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3252 wrote to memory of 1140 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1140 -ip 1140

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 628

Network

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win10v2004-20240412-en

Max time kernel

92s

Max time network

157s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4556 wrote to memory of 4276 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4276 -ip 4276

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 612

Network

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win10v2004-20240412-en

Max time kernel

145s

Max time network

152s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Network

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win10v2004-20240412-en

Max time kernel

87s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe"

Signatures

Epsilon Stealer

stealer epsilon

Enumerates VirtualBox registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Blocklisted process makes network request

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\SOFTWARE\Wine C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsUpdater.exe" C:\Windows\system32\reg.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Enumerates physical storage devices

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1816 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 1816 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 3696 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 3696 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 2208 wrote to memory of 2012 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2208 wrote to memory of 2012 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3696 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 3696 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 4888 wrote to memory of 3392 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4888 wrote to memory of 3392 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3696 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 3696 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 3696 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\System32\Conhost.exe
PID 3696 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\System32\Conhost.exe
PID 3696 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 3696 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2800 wrote to memory of 4148 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 2800 wrote to memory of 4148 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 4384 wrote to memory of 2916 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 4384 wrote to memory of 2916 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe

"C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe"

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1788,5467568818391121808,13281107357142043338,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=1956 --field-trial-handle=1788,5467568818391121808,13281107357142043338,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --app-path="C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2156 --field-trial-handle=1788,5467568818391121808,13281107357142043338,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"

C:\Windows\system32\taskkill.exe

taskkill /IM msedge.exe /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"

C:\Windows\System32\Wbem\WMIC.exe

wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"

C:\Windows\system32\cmd.exe

cmd /c chcp 65001

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=2980 --field-trial-handle=1788,5467568818391121808,13281107357142043338,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x51c 0x520

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-yrsyb3.pvpap.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-ezl9zb.sbvjl.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6D31.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCEC3F14B4555146C5A84616B9ED6354A9.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-yrsyb3.pvpap.jpg"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6E5A.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCBE9E9DDA2FCB415782D82D3123B67CB.TMP"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-fjdjhj.okzsu.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-fjdjhj.okzsu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-z1qbq9.o5h4j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-z1qbq9.o5h4j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1gjuupj.ffpv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1gjuupj.ffpv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1m9spb7.eakq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1m9spb7.eakq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-n8wtq2.c7ni.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-n8wtq2.c7ni.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-132wrob.5thl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-132wrob.5thl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-n7k6xm.faf5d.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-n7k6xm.faf5d.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-126k2pa.rv8u.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-126k2pa.rv8u.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-42zkbu.3u5ly.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-42zkbu.3u5ly.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-g37ibi.olgj4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-g37ibi.olgj4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1e4auiw.tjdpl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1e4auiw.tjdpl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-sttkuu.ftnma.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-sttkuu.ftnma.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-p3vtoz.g75l8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-p3vtoz.g75l8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1qcwofv.agfh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1qcwofv.agfh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1qcbmwl.um3c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1qcbmwl.um3c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1qs3eth.naa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1qs3eth.naa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-21ujnw.2i0we.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-21ujnw.2i0we.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-4ofw18.yuqi3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-4ofw18.yuqi3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-c7ah6h.isswi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-c7ah6h.isswi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1n5yuvx.7hvy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1n5yuvx.7hvy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-3ue7zb.845wo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-3ue7zb.845wo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-keskyr.tq7y.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-keskyr.tq7y.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1vw9j6q.sxzli.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1vw9j6q.sxzli.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1q5su63.engo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1q5su63.engo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1bxe44x.039v.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1bxe44x.039v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-qi22av.dqlte.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-qi22av.dqlte.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1b5pjna.m3jgh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1b5pjna.m3jgh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-18gvrfx.dynnk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-18gvrfx.dynnk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1dfzxqq.9fz3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1dfzxqq.9fz3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-su35qf.a7o68.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-su35qf.a7o68.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-372qil.poazw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-372qil.poazw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-106lh3x.03ux.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-106lh3x.03ux.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-h42qnd.i2rg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-h42qnd.i2rg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1cbnnl0.ujkih.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1cbnnl0.ujkih.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1qneyg5.mako.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1qneyg5.mako.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1oaejou.c7c2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1oaejou.c7c2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-opzy6c.7ppd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-opzy6c.7ppd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1hpqp38.k1uq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1hpqp38.k1uq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-10axmwl.p2b8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-10axmwl.p2b8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-ltwba4.us3m.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-ltwba4.us3m.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-kw5czz.fa9rk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-kw5czz.fa9rk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1axfr7.nkipx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1axfr7.nkipx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1mfyhq3.q0jy.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1mfyhq3.q0jy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-57wku.5ytqtg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-57wku.5ytqtg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1vy1t8u.jpgbf.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1vy1t8u.jpgbf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-jn9c9y.bxmdl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-jn9c9y.bxmdl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-jsg1yj.z306.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-jsg1yj.z306.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1jrofwz.s3axg.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1jrofwz.s3axg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1ee5ue.asvu2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1ee5ue.asvu2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1b3j45l.lchyj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1b3j45l.lchyj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-tguc9a.0esp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-tguc9a.0esp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-n5jsbm.xsysh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-n5jsbm.xsysh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1r537hy.o803.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1r537hy.o803.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1ynuoil.m0ah.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1ynuoil.m0ah.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-ozo68f.cses.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-ozo68f.cses.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1vsmcgy.u9l.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1vsmcgy.u9l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1t6h40a.czbk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1t6h40a.czbk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-bev3ao.8gtmd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-bev3ao.8gtmd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1js7m6u.j72ok.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1js7m6u.j72ok.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-n7g19k.40hk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-n7g19k.40hk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-vi3y6v.atkj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-vi3y6v.atkj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-l7a3tp.i4bqc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-l7a3tp.i4bqc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-i7uard.l7rn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-i7uard.l7rn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1w85dyp.axw3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1w85dyp.axw3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-11kfpev.bqrx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-11kfpev.bqrx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1c9ashr.uflv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1c9ashr.uflv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1tzar9r.j6ubf.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1tzar9r.j6ubf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1ym5bwe.9a6gh.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1ym5bwe.9a6gh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-mfh9c8.7kql.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-mfh9c8.7kql.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-arvqj6.0kha.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-arvqj6.0kha.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-ja26av.zgi0b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-ja26av.zgi0b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1miv7tv.j9ea.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1miv7tv.j9ea.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-qjoeq9.gvk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-qjoeq9.gvk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1so65s9.nr3x.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1so65s9.nr3x.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-bcrinx.nw6u6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-bcrinx.nw6u6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-dj08gz.g3uke.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-dj08gz.g3uke.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-85h5or.lfclx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-85h5or.lfclx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-14mqu80.mngu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-14mqu80.mngu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-17m60it.901e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-17m60it.901e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-7qtb8q.beez4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-7qtb8q.beez4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-12mwq3g.t0fp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-12mwq3g.t0fp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1b7d3zq.xagw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1b7d3zq.xagw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-5teo30.tmbao.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-5teo30.tmbao.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-vhp3mo.bjpq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-vhp3mo.bjpq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1tyxcep.l84o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1tyxcep.l84o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1x8kbez.epts.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1x8kbez.epts.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1v6apjh.mtscf.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1v6apjh.mtscf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-4csjk9.9fjiq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-4csjk9.9fjiq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-12cb9ww.25od.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-12cb9ww.25od.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1jx0ihl.7hfx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1jx0ihl.7hfx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1eva0ve.z7uwh.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1eva0ve.z7uwh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-90y4sd.pjz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-90y4sd.pjz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-bkmiyx.261kh.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-bkmiyx.261kh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-7n39o0.jy86o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-7n39o0.jy86o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1ryhgh6.hedz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1ryhgh6.hedz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1sqoht5.q43s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1sqoht5.q43s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1771qg9.xyyv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1771qg9.xyyv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-18wpdbb.957wf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-18wpdbb.957wf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1mh0a1e.kn65.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1mh0a1e.kn65.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1wkjkzt.jjeql.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1wkjkzt.jjeql.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-mgs0rv.szrw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-mgs0rv.szrw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-vtct63.vm9c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-vtct63.vm9c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-t952tz.h4mq.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-t952tz.h4mq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1ugm19l.lmn4k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1ugm19l.lmn4k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1kw9l08.tc14.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1kw9l08.tc14.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-ayvuh7.44sfw.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-ayvuh7.44sfw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1os84f8.6h3lj.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1os84f8.6h3lj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-2dctm1.556bh.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-2dctm1.556bh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-47dsca.hf46a.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-47dsca.hf46a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-btdwez.ggb1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-btdwez.ggb1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-rn1kst.ceima.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-rn1kst.ceima.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-52ciwn.kyo0q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-52ciwn.kyo0q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1dmy0zr.g935.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1dmy0zr.g935.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-aibm6j.ystja.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-aibm6j.ystja.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-v9qq4w.2m5v9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-v9qq4w.2m5v9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-tqk519.ib5m.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-tqk519.ib5m.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1k5ish0.zwici.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1k5ish0.zwici.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1lakkin.ds9l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1lakkin.ds9l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-18mjd56.krqy.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-18mjd56.krqy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-mpf3i7.z6obj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-mpf3i7.z6obj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-2huxh0.zodu8.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-2huxh0.zodu8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-g8qfgo.9dof7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-g8qfgo.9dof7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-wf0rym.9f7i8.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-wf0rym.9f7i8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-zjfvdp.ksc3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-zjfvdp.ksc3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1m8gm6j.9gt9.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1m8gm6j.9gt9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-y99x06.0unv8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-y99x06.0unv8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-m3o2iz.hdpo8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-m3o2iz.hdpo8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-15e30hw.w98hf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-15e30hw.w98hf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-11maoxn.4luk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-11maoxn.4luk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-j4dup9.n83y.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-j4dup9.n83y.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-qtdumg.pbom8.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-qtdumg.pbom8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-9rt7v3.xp94n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-9rt7v3.xp94n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1dh9eqs.m4j2.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1dh9eqs.m4j2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-10c3iug.8gwqi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-10c3iug.8gwqi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1x3i3kk.9ccf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1x3i3kk.9ccf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-2xdgbn.zijgw.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-2xdgbn.zijgw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1u4n9ks.qiaw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1u4n9ks.qiaw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1cqk7fb.znwg.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1cqk7fb.znwg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-2f5b4j.l8e6y.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-2f5b4j.l8e6y.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1pjzoc6.k1b1.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1pjzoc6.k1b1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1asrjek.l1pu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1asrjek.l1pu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1pmfr6f.ubzl.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1pmfr6f.ubzl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-16n68kf.0p49j.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-16n68kf.0p49j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-fd0ixu.x5peh.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-fd0ixu.x5peh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1pk5wbr.dm7t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1pk5wbr.dm7t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-x6o9bv.7hwlq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-x6o9bv.7hwlq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-4nao3a.xtii3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-4nao3a.xtii3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1es7z4x.9sko.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1es7z4x.9sko.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-qif8q9.epm7r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-qif8q9.epm7r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1j4buql.a27x.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1j4buql.a27x.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-19l28vv.uya5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-19l28vv.uya5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1e3h60d.vcyx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1e3h60d.vcyx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-bhvnn8.bh80u.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-bhvnn8.bh80u.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-u3d884.6nsbb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-u3d884.6nsbb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1kpskr7.w2vv.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1kpskr7.w2vv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-f95w6m.t26x9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-f95w6m.t26x9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-4bbv1i.u52ev.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-4bbv1i.u52ev.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-14zmz1s.cwe0f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-14zmz1s.cwe0f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1p1ax00.lezp.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1p1ax00.lezp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-11l06fz.et9c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-11l06fz.et9c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-fhpzvb.pr7p.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-fhpzvb.pr7p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1lk3vnk.mkrj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1lk3vnk.mkrj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-kaokf8.0ucar.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-kaokf8.0ucar.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-uxnnir.c0wf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-uxnnir.c0wf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1mrrsvg.39yg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1mrrsvg.39yg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1989f0g.dh82.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1989f0g.dh82.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-2dvmk1.l0qmy.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-2dvmk1.l0qmy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-g4i61w.24hv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-g4i61w.24hv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-7cya8h.0vr0t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-7cya8h.0vr0t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1jexaz3.cht4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1jexaz3.cht4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-kr60xc.z2mf8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-kr60xc.z2mf8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-iphl0d.68ej8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-iphl0d.68ej8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1uq7yt0.qvy2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1uq7yt0.qvy2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1vxeo40.j2ko.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1vxeo40.j2ko.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1o8dxa4.gd6a.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1o8dxa4.gd6a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-botb80.siw5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-botb80.siw5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1sccsoa.mz5zi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-1sccsoa.mz5zi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-yzkh9k.qbgnc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-yzkh9k.qbgnc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-12tyfxh.2fe.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-12tyfxh.2fe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-uei435.zya8p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-uei435.zya8p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-iw5ydh.vw7tl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-iw5ydh.vw7tl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-e7kvna.e3rwn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-e7kvna.e3rwn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-145wmog.r15h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-145wmog.r15h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-3696-h7rbr0.yxa7f.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-3696-h7rbr0.yxa7f.jpg"

C:\Windows\system32\cmd.exe


Network

US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 20.231.121.79:80 tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 199.232.210.172:80 tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.4.4:443 tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp

Files

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\EpsilonFruit.exe

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\da.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\es-419.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\fr.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\fil.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\hu.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\hr.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\ja.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\ko.pak

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\ms.pak

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\locales\mr.pak

MD5 da44d4ade4c258629118dbf534f0c2cb
SHA1 d93756c9d2d2db7755b4b7d47042a451435cca7d
SHA256 fcf1d938863cbc4d4a1d62de0eacbfd17fee4a0f5a9fcc09627bc22a98e268c4
SHA512 827c291ccfea31799e2fd48ee35aa179006a7bb3420c0346b5f1291abb4560f84b952a2bae820ef129ad77719edb16873328e7f0d030f9e2970e0c620fe59328

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\ml.pak

MD5 a66617706e80fd5ff8ab6ba8dadafef8
SHA1 3718d0afa1bff72ad7164e41cb46981811583422
SHA256 51b2c600046abfa5774b85665d4c882daa3c90bad5559185f9335ff61f04fede
SHA512 4de6fabef9db34791d0d165b5064e68ffa19630482219e4c72e6dc0f9e9e56b1941297862bb2e267cc02c3d3327193a233f642b11cf74e1892270721a2d7dc74

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\lv.pak

MD5 fe9ff0063f35ba05d27cba720e2e69d5
SHA1 16a87c24f027eda9865df7090ac8023c7ae5b57b
SHA256 43bf3b7181b607d8769da6c2cf671e2a429439aee253dd774ab5bf5aa5fedde0
SHA512 794b1b87ca400798574be56cf8da9adef78f1f9f91dd42fb23e6355caf0455f8d982f2b3d9bc252673704375eb4ccf32d58ed1cbbadf8780590e5777ef41c035

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\lt.pak

MD5 720c1b3c95e8613f2cd9e40f3d160ed6
SHA1 1ea62b51f1a2c80b92e3348de260032427a9c79f
SHA256 51027bfd566fa26cd561f9bbfd2b4a6d2e41e0ddd786b7338cecc43423b3e6d5
SHA512 32ad5243df09d642e058550d2ec58a8a8de00cc442da551c195958a95af7c82c4d2b63b27d474a065b0ced5680d3e005b2a36301d02fca09413e165089f47822

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\nb.pak

MD5 23d5480b833f65f1f55cc3bbfbdf53c0
SHA1 639eff4556e4d6c879abf305176f23c014927042
SHA256 7ce821732e743c2da1f81527355226df11a21eec137940a034afeb34618c5daa
SHA512 b46b25a4dc294dab0f34e5ec733dfe7e1c73c6ce2817640a620e9a0c196292a7a4737f0f10806efba4d5831d5a2f0833925083983927b0d74cbc5c46e9c8b953

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\sl.pak

MD5 c20064c5c0dae644ce4ccc0a2234c128
SHA1 a50411c1431ae1f4fac74a34f1716809a0623380
SHA256 576891a9a61b9cd50024e507e93d32476332977db8e29ef3d46427015d4d26e6
SHA512 04f979cfc813c6b1d3a5d9b3b306c415529a1fb72e415e2742ee25ccebf04bbe3abca91bd66aa3633a97a1383f3c4b915319b8d0b25c0ef6eb8c2e08312dc01e

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\sk.pak

MD5 3ee3730ba0f6894f2651e4e1be37a214
SHA1 3a3adb77fcb6d0514a221e6671d815a1cb7a2c35
SHA256 23c8d9722e0a2e22fbc8ae1bebb9cff456fe026c986a211565fa9398376e64af
SHA512 000928407693007645230ab593a6055e6005e6c2cb362057ce8a1915ad96030a03b134ee20e3197daac9920c69df188867d3c5a603a3e36c2eccb0bdcd549206

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\ru.pak

MD5 d269143626296c69906523810139e9af
SHA1 43abe13a4837892644774bf06eb89cafec49ac95
SHA256 b1bd2d1cc678784ab73a691d4a3dc876be78eee0a30661ac2666a9b8ab864ecf
SHA512 76b0cc1841dba7d4b4175b0c10d6c36c7f3e8ea4ad0b4e4c091391e2754913cb6c02f0285b73372d604a395b23995998090a0c68b607b4106226b7ac67ceff23

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\th.pak

MD5 1a66feba0d44231b935d83a7f36a09a0
SHA1 3e674234b10350ebec218c904a9c90f3edd29711
SHA256 11fd04f3b33d09041d646d34e61fa15b96c12dbc62e229b64306356de6155cac
SHA512 b7617094a6d27670c0720dc5dade4a866ecdd68c45c1b9e6dfe1c3074dd1957bd7459210d111ef33727122666b24c2449cce9f3e903aae59dcbe438b38c8a021

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\te.pak

MD5 1eccb7be373fc3144ada2df9e493cc07
SHA1 eef3e05afdf910671a046cf90291c17731bdb378
SHA256 bd0a936ab62ab6ab172a192b7c082b824706f6b3d88580a6b6be32809354fc2a
SHA512 ea30d14fb7c2ad54263e12eb8469e6b058afb30448900b55d944aa87e266d735f2a04d2f29303087f2d13f379483d681285182e6ad2bb25bf36e311828e2a08f

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\ta.pak

MD5 3dcd0523ccad674f2e93de57ad0082fe
SHA1 fd4a28ee288a1f33ee7260ae80df93aae9718039
SHA256 72ef4527f01018c90c583e48f37d20bfa684012bc00cb9ab5ffa3e222b9c7f3a
SHA512 2ec95b89051b019e98e6a1852e5e89e1c985a10998af1cb2603e5766698a2880355d8e6b959e60e9edb84354e99d0286708027c39a8add816c172ad1efe35b49

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\sw.pak

MD5 89c5dce32ff87d5fb2b8e815f7e4cbab
SHA1 ca3138ea6103a5ba39e35c53e980b44c9889d386
SHA256 ca8d57f632880f7b736ef7f8c5f35ddc867e50919b1f7d835bae76f823ebed13
SHA512 9e3ded0e33f9441f31e95317ac6a7a140ee5c63bea8b1bf8c03952804fb6783e61e7971d5cbe1c698d3c4067233b78bf37099054fcfe38b091829f5435e6d435

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\sv.pak

MD5 007d56b78104f7e245f7c84f07949f25
SHA1 8e3104a8c26f8418f44e19640d9babcd68a640c1
SHA256 e6c9329d7184190a0282f6440dcad5531f9656514a37b7dcb5a510ef17f3793c
SHA512 30c492d48aff33af8a0290cbe29864ff5c7d46dc50f5c4c6d5c96e6aa273926840b28b78958070e1534038e66c0142ab65153d32d28b56fb5dca28844370a946

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\sr.pak

MD5 0cf9aea120b76672d2b5e30e928459c5
SHA1 0219aaa5d84847fe86762baa82b7b8b301239c9d
SHA256 b6aeb180462d8f312762a419b45c910929e2322d45bbf2b84b0871ccf7838945
SHA512 e79a0800571ab7b64602db4941b689231edb20d65a89272b7dcae53426b7811791df8f6ef174c83680a6adf931efc3d47f133b971254c139e8b04953b8a10979

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\ro.pak

MD5 1ab0cbe10cb7c3d5beadc7b04a881885
SHA1 eca1fe3842b4a1b070a0f9ba1a27fd3e6284ba80
SHA256 9a80b326b712debc0d6e9639b45352fed1c4a49ec37490b49b8506c636fd2947
SHA512 581e42422db7ead773990036ce49a5d2589f3af610604582a4820dcee1c37d2923fbace738a42cb8b87407915e1693bbca6a2234a0716c7c8d875ca30915289b

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\pt-PT.pak

MD5 b7598cb8f05f465909ddb0045d60162e
SHA1 b794c944dd5287e550a3e46bc9a0584d3d753eb1
SHA256 c338f6de946cca52c457d236037cf1c9f13b6c73796b713f390524f321b401d6
SHA512 a53e9d6af760c4aebd418de134ba23ebc27076b02082e9eb1afb1bb7ec93a45ea22a4961c49023d7ca8b2d3aa99462ec35180797982a481ae823ac19b4b96f84

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\pt-BR.pak

MD5 7b7bf21b01ccfb27af8cd37d738f1106
SHA1 da1db09ee88c005610ed08dcde1b2cd73bcebd84
SHA256 1feb01da1f443fee8ff01c3b585d8f0ebe6a5e242483cf6f0f93088e76913e76
SHA512 ea0bf1357616fd33b41c7189eafd2948324bbfdedb043974dcd0f78693fe868a4d37ee2c0e979d9795cad63cbe70fba0794641beece737886cf92bc29622e464

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\pl.pak

MD5 def25f809c246d15d8a2f41a78b504c9
SHA1 4462b50e5613b1519987584d974fa0efd1812ced
SHA256 165005f81f071a315d0c4183fb3bc899e464c4cbf2dc450ffa09ae6bb5d517d2
SHA512 e6f17d5426ba98348209a51632db0cfe19287baf3752948bd76acb77b7eca51aae905adf7c316b17cc44856231d034f044cc056b0e0f1ce3b4999dea29597cc9

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\nl.pak

MD5 6e404adeb945cb7952a8c4129e098759
SHA1 a870715beab03f3a53c74b5aac2f314b517184b3
SHA256 7531e450f725f7ac75ceaeceb09155786d367a4456f4e71e7523af9219748434
SHA512 30917740d923ca25fb9f3c32bca100d58388f5c6d3516a29f3a39d1ca8ab3e4058b271224c8b9554479d91718cca3dc1c9cb08b38b19ccc36a0d57ed0146ab70

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\vi.pak

MD5 806b7d282e74565b95264ebbe6794d48
SHA1 3aabe2d802283fb9b3ef43932c1b7638ef6a1053
SHA256 7b4bf97b78a07422359b709ea17d1d6aa038e12ec420cd0fc7dce4b313fe4af7
SHA512 7380b7a2b239932d1167f194f81a1c867983fe318a1e48d246470de0c94837edd6c0a641e06f888e36ff5041fc2a69d19cf1a46bef816d07fd3ecda42b84e524

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\uk.pak

MD5 ba2462d8b3b975bb265bcce6a3410cf6
SHA1 3caba82b3e14350a33711db68d98e6d211ac9fe5
SHA256 1dc63c538f6b96cf4e70284c078a6e18f58f599db2a2ec594da23b244944c9cc
SHA512 a46441e2c97032928dfc19b178cd3261887b7076917a4fe829083151c8298703c3921001cd62c630b35504444f069973605b487c954623ce16682491fccb7d50

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\tr.pak

MD5 2bcae092530d06fba9b23492ac4a1d6a
SHA1 4114af7364210a4bcd10099911083de2abc25d40
SHA256 65105386d6b52445fdc7660648259b43a04849a05035d749858d9f64d4209836
SHA512 e87778246b98d87f2f29e2abb02290b829cdcb753fd9b184fec61b0523452e262527432b73a11eba86d547ffce2ce00b4180ae8367419e2174b825ed290345b3

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\zh-TW.pak

MD5 ad19e8ac7f2b5e5f67b9f5671299d19e
SHA1 4a6936a4971c2b9a414f40de3eb5dafe1b5b3e52
SHA256 e30d22153e0860246c8c37855a385471ad1e74e1eadf56476a1ea980f9204d86
SHA512 4f283deaad6ef0327baf7cdfef063293d27c1746431261553a6c7925832fe77c8017c6d11f36c5ec657ecd3b563099c9e35bd2cbe52c12ee734f4bef9bffe077

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\locales\zh-CN.pak

MD5 c82a124cc6e87ad403a67007b9c1fdb0
SHA1 1d4f1c0a3cda7d4a75a0f4035bc6d2718102f09c
SHA256 f597245963ca7b42b2a7e5e80af5258972002fd4bcd3a21c875e4051df3eb1a9
SHA512 5e45df31658039144316299879b4f1de7eb157fb830d08e8d93d3ccc2e033b1f8e2f59d29e11785ac8346988d5ba2afc373c01bc4a58ba3cc4439d9aff1ada87

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\resources\app.asar

MD5 7c12cdbb67299b493b73806eac957772
SHA1 ca424d8cee74e800738145ec1d2ead625b1b83bc
SHA256 b4c6a89d4f649ff7d6a99e9733fd015873b53c091184c9ddae39d4227c79293d
SHA512 0423f205f14116e21212a129b2d96ddaad8ff48e873dbf674a41a22c3c0f99dcb645f6b0c8eebc102470bbf4fd3bbdc32621697a312c53837fe2abfa8e58c34b

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

MD5 d226502c9bf2ae0a7f029bd7930be88e
SHA1 6be773fb30c7693b338f7c911b253e4f430c2f9b
SHA256 77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f
SHA512 93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 41d3387761bbb79d4820e8d242561027
SHA1 27dfda8ce933af12578fb64f3171f40f56bace55
SHA256 ed005ae1d388e0256e9ae304933980897ec2cfa957ed5babab6ae2a5dcf5c5f5
SHA512 cc396d0c2a94c31b8a42697f456f74e8ede1ad1fbc7eb1e4983544166041ff878048f60af9b1525320770ee477c63d6c466746c2c33fd30bc2d7ec903f8af944

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\swiftshader\libEGL.dll

MD5 2ffc36c5555a36a4f26c1aa7a8108b4a
SHA1 2ec38b17a0e9d5b0a4c397921aa4430607d32edc
SHA256 f8b8b96cc384171268cbd543d9486a97b2f2066d45ac118421ff974baf18d2e5
SHA512 0df87d336e223ade77eecaee88d8af2832f1cec3b5681699646e0be933b3f0acdb3765492e9d8fd713453dea2a7fd38d46c201c96313a06a484f23a78a716cfe

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

C:\Users\Admin\AppData\Local\Temp\nsv3BB2.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 11410130bdfe7387de7870e66da98a0f
SHA1 dc1281896061d0e4d20b39a2b32bbf3f6016a159
SHA256 aca9e4a8fa34851e14d4db2a7b5a3fbe03e3f8c6310d556dd2bbec0830532310
SHA512 da6ab370f634a87b7d97212c3bc37707604f2a4a7be3f7c93041f4df3601158920c13d48cd22e4e1ef76fceeb821aa225ee75b8859ce6a6b3dea0f0cc97d12b1

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\resources\app.asar

MD5 b8730f1dd204a652a9234dbf0454ac92
SHA1 bc8972075cd63395ab18c89e3cfb037492fa5246
SHA256 c8cca67504890193adf50a3899c0d446565cece9ad37ca2eb43c88561d09a1cf
SHA512 20ea04680139f373f68363e6963f35df0fc7a98bec47041f773c9d088f8aef6f37925575204162dcf2c5183d10f8a02a6ceea7377e7cbec2686e35456b163689

C:\Users\Admin\AppData\Local\Temp\6c4632a8-cd13-4690-879b-9158cf070549.tmp.node

MD5 1f86d23226fffe71b8784029d8c5125b
SHA1 9cc9bc5a5ca25a682746480dff1677d0ff5ec16c
SHA256 265d11dea86267a478907b398b8b33aad69f0944784386c1795cc32b8c931ffd
SHA512 4f1aaee14c9cb0a76853a15030b525ee082a226ac67e9c90a96bbdbbb9229f6fe48192d63686f72c55e094de45c2a032bdd241fcacc190b71ffdc0fde80824ae

C:\Users\Admin\AppData\Local\Temp\f53190cb-c175-4677-8f98-d1201d38f998.tmp.node

MD5 b0e113443ddc1ee234acbf0eb0e6f8a0
SHA1 84cc562b82570ec05df6dbbfc8f29fbb16ec68c7
SHA256 8d6f5cab1d6a99ac49772080c6f383f33a9bb983e0f8d02d0f3de4b2bdd26215
SHA512 306e89ec66fdf8b0de19d5bcda01f69809d83f464a9c21fda4b470e81ad3b722aa6cb6086fb4c2af59504fe4332c1f9efff27168598cc00be0f28fed45dde8ee

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 af770148a2dcbbe050a72baa716d133a
SHA1 3b5a9aecb903b654fac411b010e8d62a058cbc58
SHA256 6c4e8dcf0492e9c4210a43b71e83362fc9d5847fd9d171aff769ff65d7af4148
SHA512 23bb1f6ac0d10fbc7d08c63d21785827e28f0ab03145af2a228bbe804a884f968fda65eabb2a604c89c6fed73836d4c0c95f84051d4b4e37b9e0fe8bac999066

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 a2fa439c32be6513c49890a14fcaa5ed
SHA1 9682e370ab22b7dd9eb6d32fe61f56ec93b8e99c
SHA256 312fcdcc496097a4159f385b3b1fce30e91273228eb5f71464a46581a6a056d5
SHA512 4f080d6cc0274241994fdd0368b900550331386fdb20f5761b6a2612ffcf73bf29e094c8731e754df10375d29c0aff870ba7397f738a75547aa15cdb7d454dfb

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 1f44185290f7e382f46f5fbdba8c8d50
SHA1 f46a1b19f4effe12e1878426350ebd19525abf6f
SHA256 991ad9832f0207d683216d8b663bb8d2c845f852032be432d562f3faa317370e
SHA512 3f68ef919ad8b19acd722735f73e8a5e6b87a8a0df265b5afe66ee233d6a93ad806331b264bd8c1280ee75957dae6346e581cae864953e1f9cf1b6990f52e66e

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 e60f4518d9a7412d081196a0e775c6dd
SHA1 164db7d54749800ee33868e1535955f2feb5ea8d
SHA256 f6759b65ac77db5ed33413b6da8431d851477bfcca4d481597cec92ad2973a18
SHA512 c0eba1fe71f2eb7214762b47c94ab7676871d1f492df78b778e235228b721e33a2f379f9ef42800285ed5ad157dfb58de8d44b0ea38f731b684f3ece971254a4

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/4428-578-0x00007FF9BFBB0000-0x00007FF9BFBB1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\17cc1bbf-f32e-40c0-85ea-64f8b1a47987.tmp.node

MD5 08b28072c6d59fdf06a808182efed01f
SHA1 35253af00af3308a64cff1eda104fd7227abb2f4
SHA256 7c999c84852b1f46a48f75b130fea445280d7032a56359dffecf36730366abc5
SHA512 f2592ade5053b674dbe4191c7001748a801dca3b19e97e19b440a3e944011c87926b0ef21c87e98b48e038889a32e01c1d74949124be3144834e2f06d9781198

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 116b136292e42f22b39da4cde24284c6
SHA1 13b48f3e676cf3d9f94e8bc4442eb7ae15b19ff3
SHA256 c878abe7783c18a141bc92c652c64594f4b9f8875b8cbf81fbedb2e7542f9d82
SHA512 2b5f5b03d869f8d818da5d39dba5e9eebf273b84d521bb1e1bdc588b2a9addd49c0b584a8cc183b0c7afdf0844e481a4a526e20a28c308668f02f4716ac895aa

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

MD5 dec2be4f1ec3592cea668aa279e7cc9b
SHA1 327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA512 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

MD5 810ae82f863a5ffae14d3b3944252a4e
SHA1 5393e27113753191436b14f0cafa8acabcfe6b2a
SHA256 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA512 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCEC3F14B4555146C5A84616B9ED6354A9.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\RES6D31.tmp

MD5 c665fff41ae2efdeaa5b4b90456d0785
SHA1 11b59652a23c36c7be1d0e496120c63d0035bd3c
SHA256 66e0ea9616469e5cf1244f51dc4f3d171edb3974634a352c294505aa1cfe96f6
SHA512 002a7dc5b7ae9573a8835ad3b7131a0aaa06643abc0ba0226acea8960f147e712c836865d8155027cbfccf28064a766da6c130a6dda56539829dab71642aa223

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

MD5 1fbf062b996b476e174fe7ae42b9efef
SHA1 7be06b2b4e51351d9acc23f103824dde2655bb4e
SHA256 35572e7c2f591a6d1829aa09ed21ac8f804136d3322cd96ba692f9bce3dac433
SHA512 da2358e49f738c6dd9d4cd7e7d42d48cc73d771124961e428058aba3d384fb28da97935a1c520fc59269f2bb70ab893f6467bc72d147199bb5ffdbe9b4fb4322

memory/4508-714-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4508-713-0x0000000000510000-0x000000000051A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RES6E5A.tmp

MD5 efaa632397d0dd877b3b77579200fddc
SHA1 8be1107bddd20322329ab2e330cc14d73d7afa94
SHA256 20da06bec50880139cbea52fa8165cf84f94aef4dfead77dcc7b1333bc6a73dc
SHA512 529e4253da0ed3cfc4f727b74da33270d378a1269cfc63b8113c3ce43298f5e171e24f35ced9effa9f3a73ccd866d784a9151e5684e70d63c0a2c7008932088d

memory/4508-724-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log

MD5 f3ac7a0e31b9af1b495241eff29915ad
SHA1 286fe23eba741cd3fca3f3e9a919021946655392
SHA256 f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a
SHA512 b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210

C:\Users\Admin\AppData\Local\Temp\2024319-3696-yrsyb3.pvpap.jpg

MD5 519d0194c92c08b257b3fd36db08ea21
SHA1 3291ffd5cff4f43a063ca16c2a3f186884fb0a93
SHA256 0f0196e6dfd10ee585071028f0a2f17031540e912ef7934fb67f3bc783063aee
SHA512 609fffc89dce4b06a135e85004a881b2ee64c85ccf799a586f7d2e856841bdccfda84b5560c1044516ebff6376bdccbbc1937c652ba41c181db6cbb2654dcea1

memory/2312-729-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2312-732-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/5096-738-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2040-742-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2040-745-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/3144-754-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/3144-757-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4992-763-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4760-767-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4760-770-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2312-774-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4472-783-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4472-780-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/3864-787-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/3864-790-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/1452-797-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4636-803-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/1452-794-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/5096-804-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4300-808-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2236-817-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2236-814-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4300-805-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2308-821-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2308-824-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4484-829-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4992-826-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/3472-832-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4600-840-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2312-836-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/380-844-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/380-841-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/1528-846-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/1528-849-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/1344-851-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/1344-854-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4636-856-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2072-860-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2304-863-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4520-867-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4588-871-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4484-877-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/3060-875-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/3472-880-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4500-881-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4600-883-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2040-887-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/952-888-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/952-891-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/3776-893-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/5092-901-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/3880-906-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2072-905-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2304-912-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4152-910-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/4520-915-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/3068-916-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2236-919-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/2236-921-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/3028-923-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

memory/3028-926-0x00007FF99DED0000-0x00007FF99E991000-memory.dmp

C:\Users\Admin\AppData\Roaming\EpsilonFruit\Network\Network Persistent State

MD5 bb3d803d228ed43425affcaaf8fb5da2
SHA1 1eab52169a4a93ffa2454eff7a7e3000554165bc
SHA256 27e2014675841f1d9a3df6f8dc8ca42bdacd4d8c34f09989fb4c6b4a6965898f
SHA512 3fe0c1a9c0279674d994d0e12a45f180a50359dbd91bf778010cd0b340d68ce6ec8e4acba9020f95f74394591fc0ce64e4938a3a95640800e00e785afe2e9b0d

C:\Users\Admin\AppData\Roaming\EpsilonFruit\Network\Network Persistent State~RFe5886bf.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/984-1877-0x0000016960070000-0x0000016960071000-memory.dmp

memory/984-1879-0x0000016960070000-0x0000016960071000-memory.dmp

memory/984-1882-0x0000016960070000-0x0000016960071000-memory.dmp

memory/984-1891-0x0000016960070000-0x0000016960071000-memory.dmp

memory/984-1890-0x0000016960070000-0x0000016960071000-memory.dmp

memory/984-1894-0x0000016960070000-0x0000016960071000-memory.dmp

memory/984-1893-0x0000016960070000-0x0000016960071000-memory.dmp

memory/984-1892-0x0000016960070000-0x0000016960071000-memory.dmp

memory/984-1889-0x0000016960070000-0x0000016960071000-memory.dmp

memory/984-1888-0x0000016960070000-0x0000016960071000-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted: 2024-04-19 01:08
Reported: 2024-04-19 01:13
Platform: win7-20240215-en
Max time kernel: 131s
Max time network: 155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe"

Signatures

Epsilon Stealer

stealer epsilon

Enumerates VirtualBox registry keys

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |
| Key opened | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |
| Key opened | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |
| Key opened | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |
| Key opened | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | `\REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |
| Key opened | `\REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |
| Key opened | `\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |

Looks for VirtualBox Guest Additions in registry

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | `\REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |

Looks for VMWare Tools registry key

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | `\REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |

Checks BIOS information in registry

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | `\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |
| Key value queried | `\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |
| Key value queried | `\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |

Checks computer location settings

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | `\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |
| Key value queried | `\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation` | `C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe` | N/A |

Executes dropped EXE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | `C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe` | N/A |

(This row appears 64 times in the report.)

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\SOFTWARE\Wine C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsUpdater.exe" C:\Windows\system32\reg.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious behavior: CmdExeWriteProcessMemorySpam

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2388 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 2628 wrote to memory of 2604 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2388 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 2388 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 2388 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 2388 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 2388 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\conhost.exe
PID 2388 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\conhost.exe
PID 2192 wrote to memory of 2912 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

Processes

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1012 --field-trial-handle=1192,7888707671752171380,10718827970564779730,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=1280 --field-trial-handle=1192,7888707671752171380,10718827970564779730,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1604 --field-trial-handle=1192,7888707671752171380,10718827970564779730,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"

C:\Windows\System32\Wbem\WMIC.exe

wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"

C:\Windows\system32\cmd.exe

cmd /c chcp 65001

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1264 --field-trial-handle=1192,7888707671752171380,10718827970564779730,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=1740 --field-trial-handle=1192,7888707671752171380,10718827970564779730,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-4ki9wh.yiimm.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES33FC.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5FAEE389F07A4175972C2D2FD5022DD.TMP"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-4ki9wh.yiimm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-u0c6xk.4k55j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-u0c6xk.4k55j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ib8lts.rdub.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ib8lts.rdub.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-19lrdw8.jkqh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-19lrdw8.jkqh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-32wli2.xvuaa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-32wli2.xvuaa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1g5zxnr.jlvgl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1g5zxnr.jlvgl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1eu8yrl.9p4m.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1eu8yrl.9p4m.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1cb1wsr.9mtc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1cb1wsr.9mtc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-vdmswh.f7158.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-vdmswh.f7158.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-vx4rx5.1qmer.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-vx4rx5.1qmer.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-660end.alj84.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-660end.alj84.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-v5oqp7.y3ynr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-v5oqp7.y3ynr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-pmuj5h.50hdf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-pmuj5h.50hdf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-162zuk8.11dr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-162zuk8.11dr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-h1ui26.gzkvk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-h1ui26.gzkvk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1dtj19v.n1lx.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "3217431281842466351-1876559077846694990171058027-1275948263-346850684154023341"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1dtj19v.n1lx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-171hn3g.so29.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-171hn3g.so29.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-12j1lc5.lwxd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-12j1lc5.lwxd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-oxtac1.9ln58.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-oxtac1.9ln58.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1o5qql4.uhb3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1o5qql4.uhb3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1wutrlf.78ij.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1wutrlf.78ij.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-beld78.rueh9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-beld78.rueh9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-11d8fqo.8fxw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-11d8fqo.8fxw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1hzzrh7.br3j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1hzzrh7.br3j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-157rhcy.g74vl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-157rhcy.g74vl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1cig90m.czsy.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-6316174801102545752-336771227-21358727611851718684-21062452861774618629-1834950133"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1cig90m.czsy.jpg"

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /F /T /R

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -Embedding


C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-5316546711109569427-6424731152009755445-1865401096-39904702810521317361253941615"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1cbvzxb.6htq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1xxe46s.cw2o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1xxe46s.cw2o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-jezmeo.ncut.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-2224146101373870905-41755017-1542809631438349265-1772820015608159142-433457203"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-jezmeo.ncut.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1n91uc9.xp36.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "2890741111255178990-13627397191542256374-1003686129-2697245181570345536-592340408"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1n91uc9.xp36.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-fwq6hf.b45t.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "426567869295409512-1902724539-9610386398662301821958153290397953-1693900859"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-fwq6hf.b45t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1c4nmo4.cdbgj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1c4nmo4.cdbgj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-98frl7.t9996.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-98frl7.t9996.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-451xxi.n4wco.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-451xxi.n4wco.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-rz6u1j.vtr3l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-rz6u1j.vtr3l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1pw0z1n.evtz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1pw0z1n.evtz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-wgid9b.9wku.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-wgid9b.9wku.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-y3r5ib.8z8i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-y3r5ib.8z8i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-16dnpda.d4mr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-16dnpda.d4mr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ndgbjh.tj03f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ndgbjh.tj03f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-jcf2mr.g575k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-jcf2mr.g575k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-a9buy3.z0ih.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-a9buy3.z0ih.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-s1alft.l20v8.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1303574165-82366711872747684-715520611818620736-400539993-5951237141132346701"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-s1alft.l20v8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-doupu.chaor.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-9188397422099072748-1294392983-16680103841477633550114612556170454938-286269972"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-doupu.chaor.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-prbl2q.12jyr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-prbl2q.12jyr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-18y76rk.2cvb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-18y76rk.2cvb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ps2ukl.hss7.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "665531772839648001-1493901180-13511758002033784642-13263629513259999471570755072"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ps2ukl.hss7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-mpwq5b.37l5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-mpwq5b.37l5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-rl7pp9.sh8x.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-rl7pp9.sh8x.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-o3ahmx.qsepp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-o3ahmx.qsepp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-g91c0v.cio6.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1565140994-953604533-807624092-1104309011-146971091-432494102-626703375-1695226749"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-g91c0v.cio6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-15sc8vq.oyve.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-15sc8vq.oyve.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1aptvyh.nqivh.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-158957415917638513154040282701559044392-382203701-999564264-224977242746742047"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1aptvyh.nqivh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-h4dkav.vqvx.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1787702074177995217-719743527344185419359393058116209571839895386-1908013595"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-h4dkav.vqvx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1lzxzey.utqg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1lzxzey.utqg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-djr8op.ste2s.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-18333206741128375125112390771667121919-191783105710321836291742476227-159267651"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-djr8op.ste2s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ddbe01.hdtv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ddbe01.hdtv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1e9y5pl.2lvt.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1745669237-342647106-1072093615-825451014781650133-1740517701412877229-915851047"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1e9y5pl.2lvt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-iowols.02uik.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-iowols.02uik.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1c1s2if.irwf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1c1s2if.irwf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-l5pjd1.dibz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-l5pjd1.dibz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-mw3zoo.umiwe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-mw3zoo.umiwe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-10d2zwc.m3s.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-363101242-1875098921-47634138515133990051401420163-1641038719-15262081282013085278"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-10d2zwc.m3s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-e30qmf.lr5w.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-e30qmf.lr5w.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1povmcg.7j6w.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "182571558216704980693267654071468261339-94984417013576956451217951305-787085602"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1povmcg.7j6w.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1rjvdas.8r1f.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "6704645-1504167225-1852123085-492794494237383713-42098085812474869231806452122"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1rjvdas.8r1f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-v48s5z.ysn68.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "594608473-137928611-563417187-926591200-14948557561831742267816219233-1764764924"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-v48s5z.ysn68.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-bpq8ov.5z1z5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-bpq8ov.5z1z5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1qdykja.k3x6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1qdykja.k3x6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-rosw2b.c794h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-rosw2b.c794h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-8sncje.94ddl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-8sncje.94ddl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-manhp0.4gsz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-manhp0.4gsz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-o6k71.gp1wz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-o6k71.gp1wz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-14u10t.atjrt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-14u10t.atjrt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-jouh6q.3awym.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-jouh6q.3awym.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ubexr0.rppl.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-15068467781683961720-1431026651549914671-1255061464-191562732111724760551722551623"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ubexr0.rppl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-k1bhs4.itgj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-k1bhs4.itgj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1gdg27s.x6bil.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1gdg27s.x6bil.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-w1xww.ipn1h8.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "17329717311996634675840774727458993346781789473430482470-1313877618-918781158"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-w1xww.ipn1h8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-n5uod6.431r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-n5uod6.431r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-l7j6t5.hvz3.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-18567907961241854990-1618296466783886042-301962276-1313786061617527325233920755"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-l7j6t5.hvz3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-swrwtr.gtpcl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-swrwtr.gtpcl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-xrvdto.xrkdn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-xrvdto.xrkdn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1cjw1a7.wn7jg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1cjw1a7.wn7jg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1f93r34.zbtf.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-2087763103-6445909417643409121028222685377763812679158585-1557897361258293212"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1f93r34.zbtf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-n4xyff.b7z5p.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "12500194521763473379630412-756855163135262572615757908961170759908-1136688357"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-n4xyff.b7z5p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-e80k36.7616s.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "734614859-1979676446191781658818601774301225528575-1892640394-8965632001109225809"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-e80k36.7616s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-nb1eg8.qm1r.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1797671142-18946584412013463511-427435733943704290-877865341-348587698-1697781942"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-nb1eg8.qm1r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1wjwnqo.cffc.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1501009100-1122056145127316667-4390976871684246394-16898607991330781728-908264967"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1wjwnqo.cffc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1b5zzmj.5kvr.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "786523987-1664938209-16749934017818137771901114079285204481-568723974182782169"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1b5zzmj.5kvr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1840hoh.6gy8.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1187525181-2656205261319459572-45625976211291998111095759961800496713-1545673024"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1840hoh.6gy8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-mlpzv1.vk92i.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-4359007934580112312154582931291400941578654925657217929-2092523805-358725791"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-mlpzv1.vk92i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-blort9.q8g1c.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "17906164583292596541879535121151626172-1648202581431878148-1651035045641337687"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-blort9.q8g1c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-7v4slm.zkee.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-7v4slm.zkee.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-frwzdn.ni2b4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-frwzdn.ni2b4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1wf6tut.7sxrg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1wf6tut.7sxrg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-36kozv.gt3da.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-36kozv.gt3da.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1p4sqpw.eucrh.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "15967709348675825263800242701800038164106435643-87547908917930118961845986145"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1p4sqpw.eucrh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1pg7aqd.nq8i.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-4620068031952154010-1472043917432285919-1541890612-940027947-5402825371114186555"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1pg7aqd.nq8i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1gdydto.rr6x.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1gdydto.rr6x.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-i8kev5.3t2rk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-i8kev5.3t2rk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ehuutu.2aazi.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-10913119631759284814-794482341-2039490202-13188164761858365484-1844508000917454930"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ehuutu.2aazi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-7z942a.20hx6.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-14234926371941708320900432411-309508998-3519315383545954201646066271086601828"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-7z942a.20hx6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1oygxd2.3v9m.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1oygxd2.3v9m.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ezol43.xjauc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ezol43.xjauc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1bcnlhr.8mda.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1bcnlhr.8mda.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-rs1zhu.dssj.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1222527777-1736097053176056856613734257011875490433-183073927-668367742586659073"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-rs1zhu.dssj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1h94bmr.puza.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1h94bmr.puza.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-5zckgt.z21f6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-5zckgt.z21f6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-17ftrou.uwhm.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1777164875-1491471279-537140759-1479708396989457868-4257696215678324621935965639"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-17ftrou.uwhm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-18b401a.dp6e.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-6582521-4964204871273786190256069935-1074430977-351707699-2080012804-1581371469"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-18b401a.dp6e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-19mzv4.d2ex8.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "47606642612022225433274045071993456491-621431816968889468-2138603376-1707531289"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-19mzv4.d2ex8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ejict7.2k5e.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1433304530-874228842-1681697011202714708416465981561497726210427110011-1519057656"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ejict7.2k5e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ub6zsw.27wz8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ub6zsw.27wz8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-cwlib0.60kb.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-353300553-1517268808-1830269352-1693432525-417028854109088838-801181564-2036326529"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-cwlib0.60kb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1piuk3h.0ab8.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "739575603-940458389899124451-577932217-2014626985334740370963032251496424737"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1piuk3h.0ab8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-mu13cz.wwh4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-mu13cz.wwh4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1qod7fh.5loi.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1086215641-1664963873-1199266161698991979210626913620732472961518664084-1171736854"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1qod7fh.5loi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-wkdeoe.vv7ii.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-wkdeoe.vv7ii.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-znivca.jlmu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-znivca.jlmu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1b80csf.4qdd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1b80csf.4qdd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-19a0ljn.rgsgk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-19a0ljn.rgsgk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1j9qbvh.cgdb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1j9qbvh.cgdb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-dqw2i4.6crk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-dqw2i4.6crk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-q6qmoi.ot9fb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-q6qmoi.ot9fb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1l0gzt2.4kza.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1914468527-130848876-18352468051202573801947164883952018157-1547787709-274997330"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1l0gzt2.4kza.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1rmozql.kbz5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1rmozql.kbz5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-197fd3q.j88n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-197fd3q.j88n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1hkfspa.du54.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1hkfspa.du54.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-3wtrz0.yucpj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-3wtrz0.yucpj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1j6a5uc.lju8.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "290618394-900870628-5501116931303522433-1352135674-433538872489981080-901820534"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1j6a5uc.lju8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1lkk9ow.hopl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1lkk9ow.hopl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1s34an3.qsxb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1s34an3.qsxb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-9hi3o8.eyytf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-9hi3o8.eyytf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-hm3da0.ekrso.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-hm3da0.ekrso.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ueh3ws.ixb.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1878012683-1696138178-713763735-17444162842399215061878704668-12374750061547867379"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ueh3ws.ixb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1kl77uh.r5d4.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1401323379-1229278631157987298920244696562016257594-1002012161638952920761318899"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1kl77uh.r5d4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-smc9e0.1dxo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-smc9e0.1dxo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ryzez9.pmeni.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ryzez9.pmeni.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-dj99wj.vgbmd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-dj99wj.vgbmd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1dbarww.whlj.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1400536614735529421-1895313794-21386986481983143007-1809548054-405311308-1140701245"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1dbarww.whlj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-12t9ic6.8px5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-12t9ic6.8px5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-rj3jxv.r4vo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-rj3jxv.r4vo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-10rcxcq.ax7r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-10rcxcq.ax7r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-mwvsrw.ml6m9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-mwvsrw.ml6m9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-3gvhrp.ti8ab.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-3gvhrp.ti8ab.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1yws8qs.1jpk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1yws8qs.1jpk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-126m31y.3m6t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-126m31y.3m6t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-zvooa7.q0s1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-zvooa7.q0s1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1o00cki.wcnf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1o00cki.wcnf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1hriv5e.c9xt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1hriv5e.c9xt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1hwmjso.el8b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1hwmjso.el8b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1b5b1w5.re08.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1b5b1w5.re08.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-13qlxoq.85c9l.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-2136613486-7480096522056145755-9606504741442944751-6308815891608470526559200548"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-13qlxoq.85c9l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-l87re.ww1zkf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-l87re.ww1zkf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1jnmglo.3y7dh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1jnmglo.3y7dh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-uaucls.128o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-uaucls.128o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-14s8whb.qk2q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-14s8whb.qk2q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ixtw8o.2x3x.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ixtw8o.2x3x.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-vbmzbh.pocf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-vbmzbh.pocf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1rk1ajo.bnpe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1rk1ajo.bnpe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ffns5h.l6ctk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ffns5h.l6ctk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ved4qw.1hie8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ved4qw.1hie8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-jimjuq.q900j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-jimjuq.q900j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-up7tmc.orvtb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-up7tmc.orvtb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ypvoa5.52jn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ypvoa5.52jn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-4rqxt.hvnk1q.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1727788117-1952239996726353301-1508545923155951094920350242401955782341-940704103"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-4rqxt.hvnk1q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1k0ner3.zmm9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1k0ner3.zmm9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1nwql5.rhsy1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1nwql5.rhsy1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-gb8uzy.n23e6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-gb8uzy.n23e6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-s8eh86.wpee.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-s8eh86.wpee.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-r3jdz2.9tm1p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-r3jdz2.9tm1p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1mvyco1.nsyg.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "478269422774509054-1775342040-14897994573959690291804640524-1471251090-1966960925"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1mvyco1.nsyg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-b161b9.ojkbj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-b161b9.ojkbj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-d09dbv.8jqhu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-d09dbv.8jqhu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-597jnc.neu1l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-597jnc.neu1l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-y54o7j.81pl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-y54o7j.81pl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1y36td7.sxiae.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1y36td7.sxiae.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1hbv6a8.9zpi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1hbv6a8.9zpi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-oz034e.d6yso.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-oz034e.d6yso.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-b7vu5h.pncww.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-b7vu5h.pncww.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1wqexho.opn0f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1wqexho.opn0f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-k3dn3k.h17u.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-693903645-385435401193734057808166046-2046949611165328884-707227527-86405077"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-k3dn3k.h17u.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-19khkjc.tch6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-19khkjc.tch6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-jqlsgn.wwh7e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-jqlsgn.wwh7e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-gzbyrh.cgvdq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-gzbyrh.cgvdq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1cye00l.t85c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1cye00l.t85c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-vstm9s.qqpw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-vstm9s.qqpw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-fmn20m.hrqc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-fmn20m.hrqc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ynac89.nasl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ynac89.nasl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ity7t7.4u4t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-ity7t7.4u4t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1is0oa9.d2kw.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-14096970511182023638-5453883601315572580-1485495894-1199993051563770171-1071474444"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1is0oa9.d2kw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-4253wx.59l4c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-4253wx.59l4c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1sq0b46.3zi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1sq0b46.3zi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1b2o6fx.kt9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1b2o6fx.kt9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-19whxvw.1assf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-19whxvw.1assf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-5czhog.5yhlj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-5czhog.5yhlj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-wpec20.rprho.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-wpec20.rprho.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-12uvweu.1vra.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-12uvweu.1vra.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1p4dct5.v25a.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-1p4dct5.v25a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-15ga5vl.9ai2k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-15ga5vl.9ai2k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-7pvbfq.z7gea.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-7pvbfq.z7gea.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-2388-15wozlg.hkk1f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-2388-15wozlg.hkk1f.jpg"

Network


Files

\Users\Admin\AppData\Local\Temp\a27791d7-b596-48af-a765-8faa2e070b0a.tmp.node

\Users\Admin\AppData\Local\Temp\252f5e46-dfc1-4fed-80cb-7604d7c80560.tmp.node

C:\Users\Admin\AppData\Roaming\EpsilonFruit\Local Storage\leveldb\CURRENT~RFf762b54.TMP

\Users\Admin\AppData\Local\Temp\a36f25af-930e-4c93-a72f-fe89a26496bf.tmp.node

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

C:\Users\Admin\AppData\Local\Temp\2024319-2388-u0c6xk.4k55j.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-4ki9wh.yiimm.jpg

C:\Users\Admin\AppData\Local\Temp\RES33FC.tmp

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5FAEE389F07A4175972C2D2FD5022DD.TMP

C:\Users\Admin\AppData\Local\Temp\2024319-2388-1ib8lts.rdub.jpg

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\app.manifest

C:\Users\Admin\AppData\Local\Temp\2024319-2388-19lrdw8.jkqh.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-32wli2.xvuaa.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-1g5zxnr.jlvgl.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-1eu8yrl.9p4m.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-1cb1wsr.9mtc.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-vx4rx5.1qmer.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-660end.alj84.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-v5oqp7.y3ynr.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-pmuj5h.50hdf.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-h1ui26.gzkvk.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-1dtj19v.n1lx.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-171hn3g.so29.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-12j1lc5.lwxd.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-oxtac1.9ln58.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-1o5qql4.uhb3.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-1wutrlf.78ij.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-beld78.rueh9.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-11d8fqo.8fxw.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-1hzzrh7.br3j.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-157rhcy.g74vl.jpg

C:\Users\Admin\AppData\Local\Temp\2024319-2388-mnksp5.scl4m.jpg

Analysis: behavioral9

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240221-en

Max time kernel

119s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000b0e231ae871f3d396b56cad466f49e8c7172de627c23f21f15aefbb98266669b000000000e800000000200002000000060a6282ebc354d3c498840425b816ad3f961d6dd76a13b829b011591c1b58f32900000003b48e5425c4820ebf3522f78744786fa4019bdf39d5f0499b12439269d4d77a9bc2e7f09405ef10165f47f8da42fe0e2276d4800be4a4957abe912bbb8ea230fed0bdc4871769ea39ec5f6a2c0e97d8e320f27ebc84d2232c46e5d178713b118772bd7bdbbf912d2a9aa48cfa3cf5b77cf76af8f9671cc20eae3c95e1d3a7d976e95373388eb1f1f18757502ae4c13754000000053efc110f1a8bf36bd3212fab84ebc0d724d3110505ba7384980c7088bb6bc59b376cf8061651ff0ac187401a6bdc5c2b7e630932b21d603b180fe700f467850 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AE6E17D1-FDE9-11EE-A3B3-6A83D32C515E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000040467a9967a3a7c42c80818563274387b6464ea1225e0a892ddda4e24b8f9f56000000000e8000000002000020000000f4a18027f2e423f0c4bff4b6fa4c8fa246f6dcc86c7a6f2b920c4d79677bd1e020000000d6b5d313b5dcde3979205405c15ebd58811e10779fd5bf27bb8def32e60332004000000076b252a5060e64f4a82949d6d3c613f58be485ffad96065f9ca22d3a539d1e75a2ada6c91639a4117f744b0196f81f3160a6730f6732a2e234e23bba6fb6e3b4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20d60383f691da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419650926" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:808 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab4369.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar7411.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral16

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240220-en

Max time kernel

119s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1700 wrote to memory of 2120 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1700 -s 88

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:14

Platform

win10v2004-20240412-en

Max time kernel

123s

Max time network

167s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240220-en

Max time kernel

121s

Max time network

124s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 220

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240215-en

Max time kernel

115s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe"

Signatures

Epsilon Stealer

stealer epsilon

Enumerates VirtualBox registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\SOFTWARE\Wine C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsUpdater.exe" C:\Windows\system32\reg.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Enumerates physical storage devices

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1888 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 240 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 2240 wrote to memory of 2780 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\conhost.exe
PID 240 wrote to memory of 600 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
PID 240 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\system32\conhost.exe
PID 240 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 240 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 376 wrote to memory of 1272 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2752 wrote to memory of 2992 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\conhost.exe
PID 1244 wrote to memory of 2272 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe

"C:\Users\Admin\AppData\Local\Temp\0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe"

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1020 --field-trial-handle=1176,112635022185521769,3871614173226015032,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=1264 --field-trial-handle=1176,112635022185521769,3871614173226015032,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --app-path="C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1412 --field-trial-handle=1176,112635022185521769,3871614173226015032,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"

C:\Windows\System32\Wbem\WMIC.exe

wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"

C:\Windows\system32\cmd.exe

cmd /c chcp 65001

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1884 --field-trial-handle=1176,112635022185521769,3871614173226015032,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1gz4tgf.jckl.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1jxzz4b.b1to.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-c04lo9.4dso9.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-2ryh1u.s2qru.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=1608 --field-trial-handle=1176,112635022185521769,3871614173226015032,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-mejbhg.zb7hd.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5570.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCA355D4F6BD42AB8BDF96CE6F1C2FE7.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5571.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC53B9275A72EB4E33BC1255DCF85761B.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5580.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC498D67C15E9140738A6EA7E4A633DA54.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5572.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC23AFD2375A5D486EB3769E7C1FA6074.TMP"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-2ryh1u.s2qru.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-mejbhg.zb7hd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-sjo515.q8y3o.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-675612398-138387590298233838221388587081259451833311165840149355548-1278806048"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-c04lo9.4dso9.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-sjo515.q8y3o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1j0chk1.8mq.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-19fv9c7.sn8v.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1hi55xn.nfy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1j0chk1.8mq.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1hi55xn.nfy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-us0sv0.ywsup.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-19fv9c7.sn8v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-v4l96l.69foq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-us0sv0.ywsup.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-v4l96l.69foq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1h6g9c3.u9xa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1h6g9c3.u9xa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1r0qd0a.b4dt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1r0qd0a.b4dt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-uag8dg.9xnoe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-uag8dg.9xnoe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1dj08ze.32vh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1dj08ze.32vh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-a77853.tjfza.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-a77853.tjfza.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-19ef6gc.rnac.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-19ef6gc.rnac.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-ylx3aw.p44me.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-ylx3aw.p44me.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-bx27zg.vhll.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-bx27zg.vhll.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1y9uw5z.30s2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1y9uw5z.30s2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-30bqnv.tl4xr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-30bqnv.tl4xr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-jbh5yd.h63y.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-jbh5yd.h63y.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-b3my1b.yfidf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-b3my1b.yfidf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-o8ndyu.zrw4.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-411879823637200838879296618-260186095944461302-1115729636-440973279636819486"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-o8ndyu.zrw4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-t4n41c.aecr7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-t4n41c.aecr7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-osz5ji.i6avm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-osz5ji.i6avm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-vxl952.34zh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-vxl952.34zh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-182bfh.7b25c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-182bfh.7b25c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1p5cms7.8ehp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1p5cms7.8ehp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-19b3nxz.i3bag.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-19b3nxz.i3bag.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1eksddp.8cgp.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1051374348-1005455515-2704563291014861275515821066-17113897241012259195226302713"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1eksddp.8cgp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-c7wuw0.9k6yb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-c7wuw0.9k6yb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-nvgntl.ksl8n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-nvgntl.ksl8n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-nqbxwg.1wn3j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-nqbxwg.1wn3j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-15l9ovh.tryc.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1750068447510425906361292682-19635759891826537451-916821390-764883444-177190213"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-15l9ovh.tryc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-aid1os.114hh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-aid1os.114hh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-19wp8a3.vrfy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-19wp8a3.vrfy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-177q59z.bvj5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-177q59z.bvj5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1niggya.fnxp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1niggya.fnxp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-o0x5x3.o2u1h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-o0x5x3.o2u1h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1cm076o.ozas.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1cm076o.ozas.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-rqkjed.q0jps.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-rqkjed.q0jps.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1yghb37.al37g.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1638794202-1839355083-19541898556630100861597408169-18875795531435648224-1433444861"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1yghb37.al37g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-9u32wr.snluc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-9u32wr.snluc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-9ux8mz.64r9w.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-9ux8mz.64r9w.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-dvzdk6.wsm2j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-dvzdk6.wsm2j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-2q1xkh.ojjfi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-2q1xkh.ojjfi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-byjtia.jkmcd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-byjtia.jkmcd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-11ek0uh.1i6x.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-11ek0uh.1i6x.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1o2fd9o.bghi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1o2fd9o.bghi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-aiev3r.mi0b8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-aiev3r.mi0b8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1gy4dqf.lq8z.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1gy4dqf.lq8z.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1csca5m.sch4g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1csca5m.sch4g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-15glmvd.u867.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-15glmvd.u867.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1w5rsf3.8xj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1w5rsf3.8xj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-s8172j.z72tq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-s8172j.z72tq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-sxaepd.dhxs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-sxaepd.dhxs.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1hqwx3t.ha3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1hqwx3t.ha3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1xxmfu4.0bbh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1xxmfu4.0bbh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-4knk9o.jl91a.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-4knk9o.jl91a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-s2r577.i9sw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-s2r577.i9sw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-k36m4b.cq24.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "19052374881688683211897086735687039927-581488145372289478-2081740372134028413"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-k36m4b.cq24.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-pu2o69.kv9vr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-pu2o69.kv9vr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1jg3puu.dbhv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1jg3puu.dbhv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1k45msi.xhm4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1k45msi.xhm4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-tk355b.un6vs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-tk355b.un6vs.jpg"

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /F /T /R

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-ade84.dn493.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-ade84.dn493.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-8dbc30.ad84r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-8dbc30.ad84r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1j8nb1t.f05z.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1j8nb1t.f05z.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-17rys96.yhpr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-17rys96.yhpr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-shivsp.ys9ah.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-shivsp.ys9ah.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-3n5l9p.li9u6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-3n5l9p.li9u6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-zwj07q.uho8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-zwj07q.uho8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-s441qr.5q7pf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-s441qr.5q7pf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-35sxy7.myg39.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-35sxy7.myg39.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1whkv1u.rifok.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1whkv1u.rifok.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1hwc70g.w2qpj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1hwc70g.w2qpj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-7ku5pc.jrqd6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-7ku5pc.jrqd6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-mjtl3l.o96vk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-mjtl3l.o96vk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1ga5lv1.ympi.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-86804014-3609682931956475231550753207-1199085354145256459916994642752064006491"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1ga5lv1.ympi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-sedqfr.vx5rr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-sedqfr.vx5rr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1v7yyi.3ulg7.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-266613555-4053624321172485508-491430030534643880-1843118890612969175310494640"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1v7yyi.3ulg7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1daw7fn.mqx1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1daw7fn.mqx1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-4lnols.8wsmj.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1676316563-1429851453-485821338-1410062387172500301614369414431134317728-1783392751"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-4lnols.8wsmj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-bekb2p.hrcrd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-bekb2p.hrcrd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-5xkjfe.v1tcc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-5xkjfe.v1tcc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-dy91y5.elrj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-dy91y5.elrj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-a8c5c8.kqh4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-a8c5c8.kqh4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-nkj5hh.pj5er.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-nkj5hh.pj5er.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1w36w3v.xm8j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1w36w3v.xm8j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-16joupe.i4mn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-16joupe.i4mn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1l7akw5.7r5e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1l7akw5.7r5e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-14hof4e.4m2x.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-14hof4e.4m2x.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1axjsha.rqm2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1axjsha.rqm2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1lj1gi9.eno.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1lj1gi9.eno.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1jl5q5q.33qy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1jl5q5q.33qy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-cjdlcl.dvl7v.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-cjdlcl.dvl7v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-12syo66.h5t1h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-12syo66.h5t1h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-ddhani.p5lb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-ddhani.p5lb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-145hpw7.qsw7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-145hpw7.qsw7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1sd6w0f.zpjhi.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "4423713691982645213-1195974741-1832466551-66752099-1719776022021734290-2073957278"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1sd6w0f.zpjhi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-16n0wym.r2vd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-16n0wym.r2vd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-hvsgot.ak0bh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-hvsgot.ak0bh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-14t1uae.lmibk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-14t1uae.lmibk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1tmkups.t5vj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1tmkups.t5vj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1oxb51l.03qa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1oxb51l.03qa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-d2o8q9.3j57g.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1981455228-1100003870-331302753530199880-551187879-1495132696-1830250469-1293145398"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-d2o8q9.3j57g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-ke29oc.xm6p.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "657497292-1387187017-5747133451230598480-644413134715937738815380618454843960"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-ke29oc.xm6p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-160hjoj.2g6h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-160hjoj.2g6h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-qk7284.ci1an.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-qk7284.ci1an.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1sfjznm.sxyj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1sfjznm.sxyj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1d7d7gu.pqgq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1d7d7gu.pqgq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-fy20u9.79qzf.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-18252040441840537456-843717862-533822546-169729157208628272316227767011319854704"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-fy20u9.79qzf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1io1taz.bhy7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1io1taz.bhy7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1oi1iz1.w48c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1oi1iz1.w48c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1a50w37.i0pq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1a50w37.i0pq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1158xdg.ay19.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1158xdg.ay19.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-xla1fa.gf71.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-620792952-1202945734807822491528135240-4220468511426527499-209387554-1306370388"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-xla1fa.gf71.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-2dbmy1.ygwao.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1396042871702354419577709381-904992370-1244439268456610010617004311719606912"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-2dbmy1.ygwao.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1fh01ox.6x8z.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1fh01ox.6x8z.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1fajl78.nqn5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1fajl78.nqn5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-h58l8a.63en4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-h58l8a.63en4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-13gtiqf.bpc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-13gtiqf.bpc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-qqw90o.4o0ie.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1998476444-327637651-933893517-991814133-18484376318146718971103097259448397560"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-qqw90o.4o0ie.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-f5hm7m.k7jl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-f5hm7m.k7jl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-ej8x52.7tqtg.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1292921301-2146840184590421267-293700879234245399128202913717371481301253026549"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-ej8x52.7tqtg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1migmg1.7y3g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1migmg1.7y3g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-atqpac.1dcbc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-atqpac.1dcbc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1kndto4.lv34.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "269405951-10166942931437155831-1312672024-2126854383-1844380234-267138715-843445998"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1kndto4.lv34.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-f6bnwc.8j2gv.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1567133001-15247435592076544317-2095725428-129809105931841311416129120162079349777"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-f6bnwc.8j2gv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1so1zxk.385al.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-503121620-32457247670948773620703858583139297251732623705-661021370-2050347825"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1so1zxk.385al.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1ljt7he.kthzk.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "16259579671652147585-150174093-1600681587865520151128953188-11684040551483206092"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1ljt7he.kthzk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1szoec9.i753.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1szoec9.i753.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1bdwgm8.74gd.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1588967467-1718486378-1434669435-748174960-19245556231627429446-2087098147-706529749"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1bdwgm8.74gd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1fyc7aw.ltoj.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "709438022134054920-5271838961127164981444061304-145284094-1209346449929151282"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1fyc7aw.ltoj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1xgd048.b29t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1xgd048.b29t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-62zr8q.10b2o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-62zr8q.10b2o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-bsnk3f.rpmdg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-bsnk3f.rpmdg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1318mn3.h94x.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1318mn3.h94x.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1wiaroi.jj6v.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1wiaroi.jj6v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-mmhbh4.lfhtb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-mmhbh4.lfhtb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-vtnjw6.r25gr.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "714356437-2067345575396622687-1053489253-9174989451518986163-2115943581-587509253"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-vtnjw6.r25gr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-p5dw6m.vhqsf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-p5dw6m.vhqsf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-18qlij7.ba8l.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-10476830521279300426-1697824319-122195354854705499160454156-1138598712-1953187999"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-18qlij7.ba8l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1asx95z.fl4j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1asx95z.fl4j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-lvlpcf.ky2hg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-lvlpcf.ky2hg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-k0rw4d.quve.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-k0rw4d.quve.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-ert560.lifr8.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-662211568-128467995-11147378601309687341-934540721-240063399-379810632106661729"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-ert560.lifr8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-phwp5a.w0tnj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-phwp5a.w0tnj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-14r3u2h.g2w3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-14r3u2h.g2w3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1olbo6f.s6rf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1olbo6f.s6rf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-7t08mi.9dym.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-7t08mi.9dym.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-jez4so.fwn49.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-jez4so.fwn49.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-17sesuh.2odn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-17sesuh.2odn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-a3q7ll.iiha8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-a3q7ll.iiha8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1bmeaed.7b9q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1bmeaed.7b9q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1woy6sx.p4hci.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1woy6sx.p4hci.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1oko64t.r9t2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1oko64t.r9t2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1ngkwzc.424u.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1ngkwzc.424u.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-kj6zh.59sq8e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-kj6zh.59sq8e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-12315tn.092oh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-12315tn.092oh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-un0nuz.9dejl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-un0nuz.9dejl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1agybgh.ntbk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1agybgh.ntbk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-576lyw.cd9y3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-576lyw.cd9y3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1dr8h72.625m.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1dr8h72.625m.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-rd1q4n.wk5te.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-rd1q4n.wk5te.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-k7a0c3.0j5hl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-k7a0c3.0j5hl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-gmm4v8.hrit7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-gmm4v8.hrit7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-16dq2fs.7wce.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "14767866751628798143609108930-565634072-6800400841298514586177280056-831847410"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-16dq2fs.7wce.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1aalkb0.2vei.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1aalkb0.2vei.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1hc27el.qmrc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1hc27el.qmrc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-vchzjh.7bl8i.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1966985441-20786203061878928725-871655963-1944325376-15979403621312256617-1856016459"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-vchzjh.7bl8i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-wj1pqk.zy9j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-wj1pqk.zy9j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-wtfh0o.03sac.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-563130850-1082431736-649673520-418066990-1119027988-1733024701689450967-2122904287"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-wtfh0o.03sac.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-ca2733.gu98l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-ca2733.gu98l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-12t7n38.ssmmh.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1466485920-1797221607-132082172294636387882380881879150309796589137-1454271952"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-12t7n38.ssmmh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-qk5a0h.6scd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-qk5a0h.6scd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1mhaia6.8dgy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1mhaia6.8dgy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-ihbg68.t5ve.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-ihbg68.t5ve.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-jxl48g.2qbn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-jxl48g.2qbn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-15rtlig.i9vf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-15rtlig.i9vf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-2hv644.adl1a.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-2hv644.adl1a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-ar9hte.fhmbw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-ar9hte.fhmbw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1wohbqs.h4m0j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1wohbqs.h4m0j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1ggz0ex.qzv0m.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1ggz0ex.qzv0m.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1kdb6ys.ei4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1kdb6ys.ei4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1toddti.0c3c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1toddti.0c3c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1ufe64y.x2nd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1ufe64y.x2nd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-11dhki3.vh87.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-11dhki3.vh87.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1318r0r.wzoz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1318r0r.wzoz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-1khqikk.26hg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-1khqikk.26hg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-z0i0dv.1m1k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-240-z0i0dv.1m1k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-240-mmp2o9.acuc.jpg" "

Network

US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp

Files

\Users\Admin\AppData\Local\Temp\nso1B01.tmp\System.dll

\Users\Admin\AppData\Local\Temp\nso1B01.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\EpsilonFruit.exe

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\fil.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ms.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\sk.pak

MD5 3ee3730ba0f6894f2651e4e1be37a214
SHA1 3a3adb77fcb6d0514a221e6671d815a1cb7a2c35
SHA256 23c8d9722e0a2e22fbc8ae1bebb9cff456fe026c986a211565fa9398376e64af
SHA512 000928407693007645230ab593a6055e6005e6c2cb362057ce8a1915ad96030a03b134ee20e3197daac9920c69df188867d3c5a603a3e36c2eccb0bdcd549206

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ta.pak

MD5 3dcd0523ccad674f2e93de57ad0082fe
SHA1 fd4a28ee288a1f33ee7260ae80df93aae9718039
SHA256 72ef4527f01018c90c583e48f37d20bfa684012bc00cb9ab5ffa3e222b9c7f3a
SHA512 2ec95b89051b019e98e6a1852e5e89e1c985a10998af1cb2603e5766698a2880355d8e6b959e60e9edb84354e99d0286708027c39a8add816c172ad1efe35b49

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\vi.pak

MD5 806b7d282e74565b95264ebbe6794d48
SHA1 3aabe2d802283fb9b3ef43932c1b7638ef6a1053
SHA256 7b4bf97b78a07422359b709ea17d1d6aa038e12ec420cd0fc7dce4b313fe4af7
SHA512 7380b7a2b239932d1167f194f81a1c867983fe318a1e48d246470de0c94837edd6c0a641e06f888e36ff5041fc2a69d19cf1a46bef816d07fd3ecda42b84e524

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\zh-CN.pak

MD5 c82a124cc6e87ad403a67007b9c1fdb0
SHA1 1d4f1c0a3cda7d4a75a0f4035bc6d2718102f09c
SHA256 f597245963ca7b42b2a7e5e80af5258972002fd4bcd3a21c875e4051df3eb1a9
SHA512 5e45df31658039144316299879b4f1de7eb157fb830d08e8d93d3ccc2e033b1f8e2f59d29e11785ac8346988d5ba2afc373c01bc4a58ba3cc4439d9aff1ada87

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\uk.pak

MD5 ba2462d8b3b975bb265bcce6a3410cf6
SHA1 3caba82b3e14350a33711db68d98e6d211ac9fe5
SHA256 1dc63c538f6b96cf4e70284c078a6e18f58f599db2a2ec594da23b244944c9cc
SHA512 a46441e2c97032928dfc19b178cd3261887b7076917a4fe829083151c8298703c3921001cd62c630b35504444f069973605b487c954623ce16682491fccb7d50

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\zh-TW.pak

MD5 ad19e8ac7f2b5e5f67b9f5671299d19e
SHA1 4a6936a4971c2b9a414f40de3eb5dafe1b5b3e52
SHA256 e30d22153e0860246c8c37855a385471ad1e74e1eadf56476a1ea980f9204d86
SHA512 4f283deaad6ef0327baf7cdfef063293d27c1746431261553a6c7925832fe77c8017c6d11f36c5ec657ecd3b563099c9e35bd2cbe52c12ee734f4bef9bffe077

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\tr.pak

MD5 2bcae092530d06fba9b23492ac4a1d6a
SHA1 4114af7364210a4bcd10099911083de2abc25d40
SHA256 65105386d6b52445fdc7660648259b43a04849a05035d749858d9f64d4209836
SHA512 e87778246b98d87f2f29e2abb02290b829cdcb753fd9b184fec61b0523452e262527432b73a11eba86d547ffce2ce00b4180ae8367419e2174b825ed290345b3

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\th.pak

MD5 1a66feba0d44231b935d83a7f36a09a0
SHA1 3e674234b10350ebec218c904a9c90f3edd29711
SHA256 11fd04f3b33d09041d646d34e61fa15b96c12dbc62e229b64306356de6155cac
SHA512 b7617094a6d27670c0720dc5dade4a866ecdd68c45c1b9e6dfe1c3074dd1957bd7459210d111ef33727122666b24c2449cce9f3e903aae59dcbe438b38c8a021

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\te.pak

MD5 1eccb7be373fc3144ada2df9e493cc07
SHA1 eef3e05afdf910671a046cf90291c17731bdb378
SHA256 bd0a936ab62ab6ab172a192b7c082b824706f6b3d88580a6b6be32809354fc2a
SHA512 ea30d14fb7c2ad54263e12eb8469e6b058afb30448900b55d944aa87e266d735f2a04d2f29303087f2d13f379483d681285182e6ad2bb25bf36e311828e2a08f

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\sw.pak

MD5 89c5dce32ff87d5fb2b8e815f7e4cbab
SHA1 ca3138ea6103a5ba39e35c53e980b44c9889d386
SHA256 ca8d57f632880f7b736ef7f8c5f35ddc867e50919b1f7d835bae76f823ebed13
SHA512 9e3ded0e33f9441f31e95317ac6a7a140ee5c63bea8b1bf8c03952804fb6783e61e7971d5cbe1c698d3c4067233b78bf37099054fcfe38b091829f5435e6d435

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

MD5 d226502c9bf2ae0a7f029bd7930be88e
SHA1 6be773fb30c7693b338f7c911b253e4f430c2f9b
SHA256 77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f
SHA512 93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 41d3387761bbb79d4820e8d242561027
SHA1 27dfda8ce933af12578fb64f3171f40f56bace55
SHA256 ed005ae1d388e0256e9ae304933980897ec2cfa957ed5babab6ae2a5dcf5c5f5
SHA512 cc396d0c2a94c31b8a42697f456f74e8ede1ad1fbc7eb1e4983544166041ff878048f60af9b1525320770ee477c63d6c466746c2c33fd30bc2d7ec903f8af944

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\swiftshader\libEGL.dll

MD5 2ffc36c5555a36a4f26c1aa7a8108b4a
SHA1 2ec38b17a0e9d5b0a4c397921aa4430607d32edc
SHA256 f8b8b96cc384171268cbd543d9486a97b2f2066d45ac118421ff974baf18d2e5
SHA512 0df87d336e223ade77eecaee88d8af2832f1cec3b5681699646e0be933b3f0acdb3765492e9d8fd713453dea2a7fd38d46c201c96313a06a484f23a78a716cfe

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources\app.asar

MD5 dc3b86aed20a3253e321fd8ba626c12b
SHA1 2dd32b86a3f8337f413203bb03921cb25132f386
SHA256 93c18d94b203026d490823b5f362355b2a60f1c2d752ddbf20b0b4ce0e6df45f
SHA512 985bef4162bf2afb57a0226e0dccf5af9f4f49c36f45df8507e68dd07de01ebf3e249d9b4d4b8ec93bf2865a11ff872b4b9edefbeab423badf776974b792c487

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\sv.pak

MD5 007d56b78104f7e245f7c84f07949f25
SHA1 8e3104a8c26f8418f44e19640d9babcd68a640c1
SHA256 e6c9329d7184190a0282f6440dcad5531f9656514a37b7dcb5a510ef17f3793c
SHA512 30c492d48aff33af8a0290cbe29864ff5c7d46dc50f5c4c6d5c96e6aa273926840b28b78958070e1534038e66c0142ab65153d32d28b56fb5dca28844370a946

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\sr.pak

MD5 0cf9aea120b76672d2b5e30e928459c5
SHA1 0219aaa5d84847fe86762baa82b7b8b301239c9d
SHA256 b6aeb180462d8f312762a419b45c910929e2322d45bbf2b84b0871ccf7838945
SHA512 e79a0800571ab7b64602db4941b689231edb20d65a89272b7dcae53426b7811791df8f6ef174c83680a6adf931efc3d47f133b971254c139e8b04953b8a10979

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\sl.pak

MD5 c20064c5c0dae644ce4ccc0a2234c128
SHA1 a50411c1431ae1f4fac74a34f1716809a0623380
SHA256 576891a9a61b9cd50024e507e93d32476332977db8e29ef3d46427015d4d26e6
SHA512 04f979cfc813c6b1d3a5d9b3b306c415529a1fb72e415e2742ee25ccebf04bbe3abca91bd66aa3633a97a1383f3c4b915319b8d0b25c0ef6eb8c2e08312dc01e

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ru.pak

MD5 d269143626296c69906523810139e9af
SHA1 43abe13a4837892644774bf06eb89cafec49ac95
SHA256 b1bd2d1cc678784ab73a691d4a3dc876be78eee0a30661ac2666a9b8ab864ecf
SHA512 76b0cc1841dba7d4b4175b0c10d6c36c7f3e8ea4ad0b4e4c091391e2754913cb6c02f0285b73372d604a395b23995998090a0c68b607b4106226b7ac67ceff23

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ro.pak

MD5 1ab0cbe10cb7c3d5beadc7b04a881885
SHA1 eca1fe3842b4a1b070a0f9ba1a27fd3e6284ba80
SHA256 9a80b326b712debc0d6e9639b45352fed1c4a49ec37490b49b8506c636fd2947
SHA512 581e42422db7ead773990036ce49a5d2589f3af610604582a4820dcee1c37d2923fbace738a42cb8b87407915e1693bbca6a2234a0716c7c8d875ca30915289b

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\pt-BR.pak

MD5 7b7bf21b01ccfb27af8cd37d738f1106
SHA1 da1db09ee88c005610ed08dcde1b2cd73bcebd84
SHA256 1feb01da1f443fee8ff01c3b585d8f0ebe6a5e242483cf6f0f93088e76913e76
SHA512 ea0bf1357616fd33b41c7189eafd2948324bbfdedb043974dcd0f78693fe868a4d37ee2c0e979d9795cad63cbe70fba0794641beece737886cf92bc29622e464

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\pl.pak

MD5 def25f809c246d15d8a2f41a78b504c9
SHA1 4462b50e5613b1519987584d974fa0efd1812ced
SHA256 165005f81f071a315d0c4183fb3bc899e464c4cbf2dc450ffa09ae6bb5d517d2
SHA512 e6f17d5426ba98348209a51632db0cfe19287baf3752948bd76acb77b7eca51aae905adf7c316b17cc44856231d034f044cc056b0e0f1ce3b4999dea29597cc9

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\nl.pak

MD5 6e404adeb945cb7952a8c4129e098759
SHA1 a870715beab03f3a53c74b5aac2f314b517184b3
SHA256 7531e450f725f7ac75ceaeceb09155786d367a4456f4e71e7523af9219748434
SHA512 30917740d923ca25fb9f3c32bca100d58388f5c6d3516a29f3a39d1ca8ab3e4058b271224c8b9554479d91718cca3dc1c9cb08b38b19ccc36a0d57ed0146ab70

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\nb.pak

MD5 23d5480b833f65f1f55cc3bbfbdf53c0
SHA1 639eff4556e4d6c879abf305176f23c014927042
SHA256 7ce821732e743c2da1f81527355226df11a21eec137940a034afeb34618c5daa
SHA512 b46b25a4dc294dab0f34e5ec733dfe7e1c73c6ce2817640a620e9a0c196292a7a4737f0f10806efba4d5831d5a2f0833925083983927b0d74cbc5c46e9c8b953

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\mr.pak

MD5 da44d4ade4c258629118dbf534f0c2cb
SHA1 d93756c9d2d2db7755b4b7d47042a451435cca7d
SHA256 fcf1d938863cbc4d4a1d62de0eacbfd17fee4a0f5a9fcc09627bc22a98e268c4
SHA512 827c291ccfea31799e2fd48ee35aa179006a7bb3420c0346b5f1291abb4560f84b952a2bae820ef129ad77719edb16873328e7f0d030f9e2970e0c620fe59328

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 e953af210d80104c8d11bb9b0ffa610e
SHA1 622182ba16e306764dd1065b5e9b60dee4c7ab61
SHA256 2e23fcc0fb0b3f5627d673851d3332bf91013bbb4dbc3f262103fbc9f3a36c13
SHA512 862523d972bc61fd9307eeb211b3937544d1512d3e11d7842c0b3d6caea01015e4c5779ae6569e04133982add662d61136f0e042c45c1a644ffeaa22504e7ec7

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 7586b9fc6576b92a34ec42559d682493
SHA1 4cfe6267b70fab7dc710a13acae198c31f3c8827
SHA256 0159c789c41c0605910de892eb9d77abfafb48be409a9f1f2dd6dd7a3139c00d
SHA512 7571281f97761b878f9e4c3b8467df908761012a7e97dd1ad4a74ebae4b5e40da8cab4aa5f23a3f151e3d0038943e30e4b943af4bdd2449e0d3df0429c033d45

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ml.pak

MD5 a66617706e80fd5ff8ab6ba8dadafef8
SHA1 3718d0afa1bff72ad7164e41cb46981811583422
SHA256 51b2c600046abfa5774b85665d4c882daa3c90bad5559185f9335ff61f04fede
SHA512 4de6fabef9db34791d0d165b5064e68ffa19630482219e4c72e6dc0f9e9e56b1941297862bb2e267cc02c3d3327193a233f642b11cf74e1892270721a2d7dc74

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\lv.pak

MD5 fe9ff0063f35ba05d27cba720e2e69d5
SHA1 16a87c24f027eda9865df7090ac8023c7ae5b57b
SHA256 43bf3b7181b607d8769da6c2cf671e2a429439aee253dd774ab5bf5aa5fedde0
SHA512 794b1b87ca400798574be56cf8da9adef78f1f9f91dd42fb23e6355caf0455f8d982f2b3d9bc252673704375eb4ccf32d58ed1cbbadf8780590e5777ef41c035

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\lt.pak

MD5 720c1b3c95e8613f2cd9e40f3d160ed6
SHA1 1ea62b51f1a2c80b92e3348de260032427a9c79f
SHA256 51027bfd566fa26cd561f9bbfd2b4a6d2e41e0ddd786b7338cecc43423b3e6d5
SHA512 32ad5243df09d642e058550d2ec58a8a8de00cc442da551c195958a95af7c82c4d2b63b27d474a065b0ced5680d3e005b2a36301d02fca09413e165089f47822

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ko.pak

MD5 e2a95b73f9081efce223a180b7791c16
SHA1 addd6ac05707597b917ff9f7c3f7524be26df7ca
SHA256 afac9566a4e1fdb2be75faee46bf9182f81b85373d60cb583f1051b12d9719e9
SHA512 70eb91347c21f0e648e9fcf82ffbef5e3eeb6c0268f85fddc7ad4eaea2e22eadeab653476196240a75361505f40b0bdf8602b0f414faaa77354f0fe76ba4e09c

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ja.pak

MD5 640bb80728453be0104566caeeb8eb82
SHA1 362b46036c58421f4b0f9b2f714b21e244aeee44
SHA256 1bfb337c19c9d04bc53df2d2eca6b73c11df33b6fd07a6a3fce5427ef0f38cd4
SHA512 1bd764ec56166ac59fd2acb1ac81140bab2ba7f326c0bbdc9cd30ff6246fcdd98e49310b0528fb0d8a9256ac06ca3e145a3906a1815dbe395d989443650f81b0

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\it.pak

MD5 5b03bfc915b62aceb06b9c670fb77e33
SHA1 9c88ef98dea5a7d7be8571354ad3c033033a40b8
SHA256 1f9a38c852c05577aba397c388b35037eec6b9d90593800b5b57bac437b42684
SHA512 b22c4db0b56c136e9263a15bb2a31a9213ac20321b189cb0572bd1f0b0b9989a7e698d94750d9c5d01557f4b247abf9a8cff1940bab03fdb737a8276d96ed1d0

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\id.pak

MD5 39378b548f712608903ee8aa25db212d
SHA1 7f5a3466a4c8609c6bab7ed3dbc9fed52cfe1e62
SHA256 426a302448ec17e313724b38bda9ad4d5c031da48a1ed3690b547b51a06229a2
SHA512 7d2d823445316f5a63df286af2f1e28b90b8e3a04aabc835020b17f690d95f7ba2d0261876495345876cf826fc57dd0a9577e79af7e609adb8c71b8b4ff03550

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\hu.pak

MD5 4b5fea4bd49738337ab10bb3f1e6bda4
SHA1 0f27220019e099b658a9c563995dc2b022fb1d68
SHA256 e526c9c9a8c4d27c432d3cc30766fbdec6c536b696a7ccb7e9376f0e55147b90
SHA512 4e271f8ca0028ff5b8a86e8610174739d2d2b7a267381562bbac3543d03f6895b3361c2f6fcfbcaea6f5aad1690e878ae0de5c905de12b213c2c5c396caafa66

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\hr.pak

MD5 ebdf0ad52e9a0f8c8735614775ff5a94
SHA1 787feb9f703daa094814464b090aa5d36725e007
SHA256 b9c21e5187e8649157f5e49e014b8c285866ec839638344a31234b60a17e7d47
SHA512 e2853884687393fa2b0f8e4b27af5664c223fd5bb2862e5ef788f912771eb9d61e7ca1fc39f29ab679f49986b5a95b9da44727c69c99dfd3bb8ea2f4e974ada3

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\he.pak

MD5 5db44f8dc63c819b0ae2a5458e36447f
SHA1 6b440ad4bdef6acd31ca8be5d085db26a49a209b
SHA256 bee5f133cc85f8ca280f9f41df6790aa65161fe8dac8dea7e26fc609240e84a1
SHA512 cd0d104597c5c926480443b5d1a16526ec0e48c3d6dca6233ec7cfa63f01f2f5674d9ac9a86a45b789a94fcb3b63aeaf92351bac2f4920a25dd8d4fcd1edce19

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\gu.pak

MD5 10c1dc999bc7ab62e1f26b0497afa7bb
SHA1 68da1055b8acdf016b152a2f401322d3d76885b5
SHA256 b9690f3c550deb0827e409015abf3bcaab01c9acd33e96932e85ac84ff4c7831
SHA512 c10a956fdfab446b74f1dd2a169201f0b7ddc4ff1d7a635b9c81f07942ea0d34ea327e2e7f07e3a672ac85c8b8ce7a0e871d02946da4fb5e8e75713e56cbce61

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\fr.pak

MD5 a17cca5f1db7cedccda9c5a7784bebd0
SHA1 c5e0a0d24a14a535406886c00ad10d20638341b4
SHA256 e8da96855f7238a6ee3162b08d46e5ab84d98179dabf535060ef5fccdb36bc79
SHA512 0bb2217e44f1c8cd9e4cc2127454e1fd137c6fa101914bd230b9089d6317f599c9dfdddafe3d5cbc0fdc036e7b4f6e5cb528bddc572b5e26c8e0322f1a7d0b97

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\fi.pak

MD5 a3b5292c5e2e981dc4ce9504f638a542
SHA1 6cf480f3d7cb5df71bdd4089a1821f2eb2dacecc
SHA256 f4f2438a3810ccda4740442cdd964e43883cdeb820715cbd7be03cfa6b1e55ed
SHA512 6ed819896e2aa72d73bd2af731f7f714119fbe7d1fce5909d1a9d9ecb99c6369505e6d33f1f9ebadcb0da608f9aec365bc6cb5f6e22373d577cced7e317772c4

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\fa.pak

MD5 46412682e8d0743714fc28a520aeb35d
SHA1 dc6bd723efd460a56d205bc199e3be4c98698ba4
SHA256 9861d5260b98b384603ef02e97dac0295fd255e550b57fd427bbef24b1cd7b17
SHA512 c77c5344c6a7af4035f865aa7e3a3aaab39b11c4a3bdd94aa99f15dbc6ec7cf4b6057ff48fd55e2ff41041728fecf80dcd488578dc1db249ab1b7598fa438f14

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\es.pak

MD5 09e0feb85585bb4a220a3ab3f21adb9b
SHA1 e564afb37d5f5305585ad1081a26b34ebee73ccf
SHA256 cf7ea140dceac78042e0d35da45a4fe732eb04e1d2b138bee4cc2dc5e7e9a0fa
SHA512 8317bd2b4f509edabac1a74ec32bcfd54b14598799537d90178ec349cd71fe967d5c677403c85e305a6f2e94722c20a83e65c0bdb29a6265c5355683856f4ade

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\es-419.pak

MD5 f9958dd6ce0ce1acea070bbf317b1160
SHA1 0dbc4020e505a053cdbe6a0a9506829498a8a25c
SHA256 ea868929f537d48e846f86020762c59c77a0ec67765c3af22e08fcc853f94c2e
SHA512 35a6e5fdff6b4e3a076eea70b7c551f1d303b4db4e63aabbbde54b4fefe40d750a03440bed7851f12750661ff8b87c5ce3382b0c71d0e171f729a7a82f968cf6

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\en-US.pak

MD5 b58cb46758c6bc8fe4385ec2ce4e50b7
SHA1 34026e96e02220cea46a31c2319f695ca2e0a914
SHA256 e34c459684971971765943e8b5b2d1751b329a9502f0fd6649679823f725b8c3
SHA512 702384f9d6d77da08fc8c49a5f65957c56e363e1ad37f9d0611092d248db1f79636a6cf336e55669e002194f589f584b5663b4d77e54fa95e18f84eb4864d7f5

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\en-GB.pak

MD5 05f7b55019ba0a9da84073cec0a954c3
SHA1 b46462fa8c614161ec42fa791e4ce3163c92ea8c
SHA256 a690e642a6b781efc3da2e8c83e554d6e8b9ae6ac34f6f0a4f327dd9ea7cb7f1
SHA512 30e93503db60b8c7a8dc902efa960583316cb83337eca102f0bdafc47d3b59ad5ea1eb99b5b9deb0ff66345d551485963e4c61ce555298880aafcd298057fd34

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\el.pak

MD5 b3724a4dcb17bd341da403acfdff0bf5
SHA1 05fc9eb29381f1befbafb937c564a87205779264
SHA256 0adb6e5173572ab4a3df5671cf053196f158294bc1e07275a7e6fb6d8da81b06
SHA512 3ccd57eb43840573bbd7e6d8b24028213acf58040b2795a975ca4750e4a9500d8af74bebac1b47f2d9b87204c68707d53b0d927c0aeac1fa1bfdb1c899e66f37

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\de.pak

MD5 8e560e240bb79e453167f70409226619
SHA1 bde183d2191d42797a300f0c4cd83e1db278c928
SHA256 61c4a4b5c309128ba86a5345db04798be0680905543c6986f7b3cc4b1ba72729
SHA512 5564555eb203fe86e9630dc223e4012c7e3501d68554b6b7138a3c6064d39b868e7e2e0e8b994169e918e9c6f67066440b89c7ab10f48731a84fab84c2e7ff82

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\da.pak

MD5 66e780528890dc0f484a3d6938ac281a
SHA1 5f46f7915cf101b88d29213b457f37e24d5a083e
SHA256 e698945093c1f562d0e591c03d9670a9b01d0eaa56a2c80c1d12d91d88b7b407
SHA512 9cbc2b054bd3f9d39050a4a189fcf0127a43b9991ecdc9453679c53b38cf8a25138057648a756e01fc9b4825c009a8894ef68b94faca83cd35d268fb05556af1

C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\cs.pak

MD5 2c9e55ed46954a8eaa27105f3f074ca2
SHA1 bb4a36964cd1e8f140c9937586b5215fbd7a9632
SHA256 86f1847450d5c341893fa097fa6d4e0964963c0c2466a985d014dab0b65f34e6
SHA512 cf7141a3db9d44c0940e88ded1f326b5ca4031d18f8a8236b313c6a6c41289e9dfd12c3367181edcbd5425deb584b082df004bd6db0ca55a1da151703af575bf

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\resources\app.asar

MD5 596cca96bc2ac81bdc4d6c611be479dc
SHA1 570445e538f6cbd293f08a15ce120f00bb6a246e
SHA256 3cc6e3861eda5558105c9d44cec880c14911793d3727152cdbbf96b2d50c6c3b
SHA512 b4a0cd1475a11567d1283d846084c3e8d98fb60feb0a49e448a390dda7a7742f94212f6f7e2bd06d8f92a6afbee27391c3ff072cab286c21f84ef3dc642117b4

\Users\Admin\AppData\Local\Temp\f70376c6-f5b1-40ec-a9ea-c87c6cae1c2f.tmp.node

MD5 1f86d23226fffe71b8784029d8c5125b
SHA1 9cc9bc5a5ca25a682746480dff1677d0ff5ec16c
SHA256 265d11dea86267a478907b398b8b33aad69f0944784386c1795cc32b8c931ffd
SHA512 4f1aaee14c9cb0a76853a15030b525ee082a226ac67e9c90a96bbdbbb9229f6fe48192d63686f72c55e094de45c2a032bdd241fcacc190b71ffdc0fde80824ae

\Users\Admin\AppData\Local\Temp\70540422-b6f5-462d-a180-174a46650d20.tmp.node

MD5 b0e113443ddc1ee234acbf0eb0e6f8a0
SHA1 84cc562b82570ec05df6dbbfc8f29fbb16ec68c7
SHA256 8d6f5cab1d6a99ac49772080c6f383f33a9bb983e0f8d02d0f3de4b2bdd26215
SHA512 306e89ec66fdf8b0de19d5bcda01f69809d83f464a9c21fda4b470e81ad3b722aa6cb6086fb4c2af59504fe4332c1f9efff27168598cc00be0f28fed45dde8ee

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 7c5a66a3d56012ebd47f9ed26a2706dd
SHA1 734b5772ad328cee987c8553b1813411c7b9e70b
SHA256 132e49190d981d15d71f0e294bf92769605cd2316854cc95183b97b7587a7ac1
SHA512 eca6e47498a5a5021863ba333c190b302af1912d693291f6e26b1f0a5a4d57da91d71c2ba23380a094feea4908625f60212180c631e8971ea6934dd416b5672d

memory/600-574-0x0000000000060000-0x0000000000061000-memory.dmp

memory/240-581-0x0000000002E40000-0x0000000002E41000-memory.dmp

C:\Users\Admin\AppData\Roaming\EpsilonFruit\Local Storage\leveldb\CURRENT~RFf763d20.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

\Users\Admin\AppData\Local\Temp\4fcb3bf4-869e-41c8-a29a-e11cb5d8c6e1.tmp.node

MD5 08b28072c6d59fdf06a808182efed01f
SHA1 35253af00af3308a64cff1eda104fd7227abb2f4
SHA256 7c999c84852b1f46a48f75b130fea445280d7032a56359dffecf36730366abc5
SHA512 f2592ade5053b674dbe4191c7001748a801dca3b19e97e19b440a3e944011c87926b0ef21c87e98b48e038889a32e01c1d74949124be3144834e2f06d9781198

memory/600-659-0x00000000774A0000-0x00000000774A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 95174ed811ca9da2645f855af26df2ad
SHA1 b507630ffb5846c203e161c33b2cdd64ca0a02a9
SHA256 ebdf629c02d8fb171ef6944d1980bf84408063628fee2d52976d152755486fb7
SHA512 43e6931270350e5b90a9b3787d52f4bc0f08cd976aad2371a8ea16dd4990199868c4519eb9f91b398bd1a788b3e812a67f57c2b041a5416b4cd6edf74e234ba8

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 aa2fa71346eea4be6695e82c04127e9a
SHA1 f1771b991e9f8ee7055e30d77277adba7af79921
SHA256 029db454bb721c0331aac95f73bad78ed278ef2836ce0a5e8113f77f0f270828
SHA512 6234d63bd1909dcc74674d2745d65094f009ab6a561ea75fcdd14be66bc39817de91c9b9185d9df2a228fbbb23545a2a985c56389b99b11170fa61f3e25d5a29

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 e0d4e30e1624d659e72176efee191c9f
SHA1 ed1ebc135e15086c8369128500f97294c5778af1
SHA256 59bc9f739f9c5f8fa1d15ece620ac1fcefc2496239496274000016919237ce80
SHA512 98ad551c9babe26a9b7b401451a011ddf3995f070b87dcb2f1490580232633ba846587f8dbda1ab8afdb2ed79df08f4718bc78c03232ead89575e2fe87aec1b3

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 af770148a2dcbbe050a72baa716d133a
SHA1 3b5a9aecb903b654fac411b010e8d62a058cbc58
SHA256 6c4e8dcf0492e9c4210a43b71e83362fc9d5847fd9d171aff769ff65d7af4148
SHA512 23bb1f6ac0d10fbc7d08c63d21785827e28f0ab03145af2a228bbe804a884f968fda65eabb2a604c89c6fed73836d4c0c95f84051d4b4e37b9e0fe8bac999066

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

MD5 dec2be4f1ec3592cea668aa279e7cc9b
SHA1 327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA512 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 67cb7c8f9f9e808d4197363e67c2bd89
SHA1 7d771fcec49e4ea49cae667fe38146f410e7989b
SHA256 0b26789c5c67e60e2e60be0f6e9fc873a2c1d09b1a7d164728ad44c9306ad7d0
SHA512 6c11d70c960f17d2490257e45e692d78f5f82c6759edf2f64e07ddedd653393fe14cb3d338ede9424ac837ee1e38dfee506ba1ab4d773c7e551158f48e6ded47

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

MD5 810ae82f863a5ffae14d3b3944252a4e
SHA1 5393e27113753191436b14f0cafa8acabcfe6b2a
SHA256 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA512 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

C:\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 3c8a5fe94ee5f001a65d07786b6e439d
SHA1 224031b7a06f894721c0a6a1a00337c9602c133c
SHA256 573a09ad8d0ae2da9ac1a9113e16d6930bca689dcf14c1d5b37efb9033e8fcba
SHA512 bdf6436a0e6463a770cfd82434fe90fdbf96f8b4def76492b61d2466949da356d499c259c1950dc7758df5957eb32d6c786f7d5b6e68f889eae0b97b7e52d310

\Users\Admin\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe

MD5 291d9c7458784389d287ef8d4137ba82
SHA1 a91ae3ae4e211f4d69cd4e901eefc4a1a68bd09d
SHA256 4aa814574f1cc2b0af6b1cb6d7eb4ab9d0f26f7d87bcc28ab139fdc67c5dc0c6
SHA512 c282ab3fdb1afdd0e09b8e1cdaebb0e5ff19064570071ad34cf8031d0e5981af778f1fbe0840f05d1bc7990389e0b936ef1441e19f46b742462bd4ea3f97c1a7

C:\Users\Admin\AppData\Local\Temp\screenCapture\CSCA355D4F6BD42AB8BDF96CE6F1C2FE7.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

MD5 4c9d460ff7a76a417aeaa7550d1ace1d
SHA1 579006b0100e3a9af6d6b0e00f579d7fc845a393
SHA256 ce4092bff946ec9f727134bf8b2cf1bed8639df3d3f5bc00522a0074e06dfba2
SHA512 2a50738d62e8fe91d87d267447968cd41a3de517bff3de93da2f87585c5240a77c8c15282618e1331f8dbe196aec24a07021eb83e59b799aadb6697516e95128

C:\Users\Admin\AppData\Local\Temp\RES5572.tmp

MD5 f43a80f46b4226f25417173967433b9a
SHA1 73093543bf80a27754d8cd648a6271dd9e405128
SHA256 6fc631cc549443b4309c1805a88e86f794af7a240020147c7d4754ca0da52373
SHA512 301ff138dc3b4d37f5abec4ea14f619b94b205fa253722b1f3aebf76166a5bc765fd6e4400475a02bef7774555eed70f987f571ce7739357b1dfd5b9dbc25d6f

C:\Users\Admin\AppData\Local\Temp\RES5571.tmp

MD5 d2b2f98a52544817268b79e3db410c8c
SHA1 37482f6616e510a9430a28ac9743b87661244ecb
SHA256 609345ea003dec74f4669297f0004665a5999aaae021f5287d8b94f87d0dd5bc
SHA512 9f5b84a29ed92f1103310472e8f6e3ce6d45e3f578ad2757d4a75c52cde3ba535b6daf9a2119065a18b43ee0983e982390f68d7e47039406e0194e369893fe49

memory/2532-831-0x0000000000C40000-0x0000000000C4A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RES5580.tmp

MD5 61eed4694ba5217da95e64ebae66571e
SHA1 6f92d891fe208e45121f0c67ba46cb07ae92c69a
SHA256 3d68fe639a9fd89e0451dffb2797853de5be0f6aa8570a6e404024f381ac1de4
SHA512 88542094fe49a29db2bf9ba5eadb76cd21229ca709f2ed17cb4089683901dc38ac3786963f58840f0e9fd61efb0aafdd7399d2d014f65f1837c6ea8a0c174eb4

C:\Users\Admin\AppData\Local\Temp\RES5570.tmp

MD5 7823d76b4aa0f7757180198242fdfd8a
SHA1 2026f201145465505dcc67625428a3ef7674c144
SHA256 405a3a9137d18affbd2b5050d1524ac7f3c8444623d156e892221a93aa1ef6bc
SHA512 943abdbd1c8557df9e320c5daa89b9db61a0bbaa3d02343b18990ab232df20c47e0874432ecde78412d2940a375231986148d9ed3f9c3ba23c40d777d986797b

memory/2428-844-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2992-849-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024319-240-1j0chk1.8mq.jpg

MD5 dabdaa372e0a6350ea25255d7c45c4cf
SHA1 d859d31924be44623a88285caaa2af0cca8d7e58
SHA256 78d497f3e70e558b6d3e697577159dea83e61564b199738ca3ce1260b269f1d2
SHA512 f4f0fedbe3dc8d5a2b5dba21c48cbd883094d88ecf6a68a0982fe8a45c8dc1d52bfbd85289b3fc790267b5cb08749d405d1ad977d84b0c2a2f6c459a78fd35e3

memory/2652-856-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2992-852-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2652-860-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/1016-866-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/808-870-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/1084-862-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/808-874-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/1084-859-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2392-882-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/2152-898-0x0000000000330000-0x000000000033A000-memory.dmp

memory/2152-900-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/3060-919-0x0000000000B90000-0x0000000000B9A000-memory.dmp

memory/3060-922-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/2152-916-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2408-842-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2532-841-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2844-840-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2428-927-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/1656-931-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/1656-928-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/1588-934-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/1588-936-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/1656-926-0x00000000013D0000-0x00000000013DA000-memory.dmp

memory/1568-940-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2408-944-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/2992-951-0x0000000000350000-0x000000000035A000-memory.dmp

memory/2992-957-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2024319-240-bx27zg.vhll.jpg

MD5 2f8de0e05490d1ac0f1cd38893a1e7bf
SHA1 0bd7885c20142107de534352941f323fac8ea07c
SHA256 c2ecf250f5d37fed74068a9878b27af552105e209cbd7c5cf832644350de8781
SHA512 a6acdfd78c0e8478721cea622b95879a783d6de50864b0a34d027f5f2c2b8a7e0cf22096661435096dfe4e370c35ae23ae52d1431bd5d8ce850a24c0f0e5364e

memory/1016-952-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2848-960-0x0000000000ED0000-0x0000000000EDA000-memory.dmp

memory/2848-961-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/2848-964-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/2540-970-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2392-975-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/816-976-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/2304-982-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/1500-986-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/3060-985-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/1740-991-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/704-999-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/768-1005-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/1568-1004-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2632-1011-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/2408-1010-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/2376-1017-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2992-1016-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/1964-1026-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/972-1027-0x00000000010B0000-0x00000000010BA000-memory.dmp

memory/972-1032-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2540-1028-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2168-1034-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/2168-1033-0x0000000001140000-0x000000000114A000-memory.dmp

memory/1764-1042-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/2304-1041-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/1764-1038-0x0000000001260000-0x000000000126A000-memory.dmp

memory/1544-1048-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/1544-1047-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

memory/808-1053-0x0000000001320000-0x000000000132A000-memory.dmp

memory/808-1057-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/1740-1056-0x000007FEF3580000-0x000007FEF3F6C000-memory.dmp

memory/704-1062-0x000007FEF2B90000-0x000007FEF357C000-memory.dmp

Analysis: behavioral10

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win10v2004-20240412-en

Max time kernel

148s

Max time network

157s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4652 wrote to memory of 2604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 4996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff972f046f8,0x7ff972f04708,0x7ff972f04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17424330102665439288,7621720802365733611,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,17424330102665439288,7621720802365733611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,17424330102665439288,7621720802365733611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17424330102665439288,7621720802365733611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17424330102665439288,7621720802365733611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17424330102665439288,7621720802365733611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17424330102665439288,7621720802365733611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17424330102665439288,7621720802365733611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17424330102665439288,7621720802365733611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17424330102665439288,7621720802365733611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17424330102665439288,7621720802365733611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17424330102665439288,7621720802365733611,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4652_HOGSSBQNJJYADDNB

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Analysis: behavioral20

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240221-en

Max time kernel

122s

Max time network

128s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2844 wrote to memory of 2380 N/A C:\Windows\system32\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 2380 wrote to memory of 2372 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 2844 wrote to memory of 1728 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES32F2.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC14F24DE6C04B417183A65A27A065BDEC.TMP"

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe

Network

N/A

Files

\??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC14F24DE6C04B417183A65A27A065BDEC.TMP

C:\Users\Admin\AppData\Local\Temp\RES32F2.tmp

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

memory/1728-8-0x0000000000A20000-0x0000000000A2A000-memory.dmp

memory/1728-9-0x000007FEF52D0000-0x000007FEF5CBC000-memory.dmp

memory/1728-10-0x000007FEF52D0000-0x000007FEF5CBC000-memory.dmp

Analysis: behavioral24

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240221-en

Max time kernel

119s

Max time network

133s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240319-en

Max time kernel

119s

Max time network

147s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:16

Platform

win10v2004-20240412-en

Max time kernel

199s

Max time network

276s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Network

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240221-en

Max time kernel

119s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2124 wrote to memory of 2320 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2124 -s 88

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240221-en

Max time kernel

121s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 220

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win10v2004-20240412-en

Max time kernel

143s

Max time network

160s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Network

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win10v2004-20240412-en

Max time kernel

109s

Max time network

118s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Network

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:14

Platform

win10v2004-20240226-en

Max time kernel

154s

Max time network

175s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4160 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8

Network

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win10v2004-20240412-en

Max time kernel

138s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Network

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240221-en

Max time kernel

122s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 220

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240221-en

Max time kernel

118s

Max time network

133s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win10v2004-20240412-en

Max time kernel

150s

Max time network

159s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Network

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240221-en

Max time kernel

118s

Max time network

135s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2508 wrote to memory of 2744 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2508 -s 84

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win10v2004-20240412-en

Max time kernel

151s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe"

Signatures

Epsilon Stealer

stealer epsilon

Enumerates VirtualBox registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Wine C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsUpdater.exe" C:\Windows\system32\reg.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1736 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Windows\system32\cmd.exe
PID 4680 wrote to memory of 4744 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1736 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1736 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1736 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1736 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1736 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1736 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1736 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1736 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1736 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe
PID 1736 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

Processes

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1784,15037436157930510615,7329048885218531749,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=1964 --field-trial-handle=1784,15037436157930510615,7329048885218531749,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2364 --field-trial-handle=1784,15037436157930510615,7329048885218531749,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=2956 --field-trial-handle=1784,15037436157930510615,7329048885218531749,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f8 0x51c

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"

C:\Windows\System32\Wbem\WMIC.exe

wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"

C:\Windows\system32\cmd.exe

cmd /c chcp 65001

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-18op2qn.22y2.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1tk7wvo.liw1h.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5AE1.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCE385B958DA0744D584E638E835C3148E.TMP"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1tk7wvo.liw1h.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-18op2qn.22y2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-x4vy45.bgb2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-x4vy45.bgb2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-i15e48.p1p3n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-i15e48.p1p3n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1twbgs6.vcah.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1twbgs6.vcah.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1unb3r0.dqy5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1unb3r0.dqy5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1o0jjij.014.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1o0jjij.014.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-57dmye.hd15n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-57dmye.hd15n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-19yfeu7.dai.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-19yfeu7.dai.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-d2u0q9.iicnm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-d2u0q9.iicnm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-8y5kye.j3gw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-8y5kye.j3gw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-atllch.rzz0l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-atllch.rzz0l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1c4ewd1.d48h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1c4ewd1.d48h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-omlwh2.cgt79.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-omlwh2.cgt79.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1xi5oun.xdm1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1xi5oun.xdm1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-5udqja.gul12.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-5udqja.gul12.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-149fta5.uan9f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-149fta5.uan9f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1wjwwdj.1oqh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1wjwwdj.1oqh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-rfwkcq.ukzbq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-rfwkcq.ukzbq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ugs2d1.ymir.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ugs2d1.ymir.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-18pfyr.5ekce.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-18pfyr.5ekce.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-8swnop.led8h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-8swnop.led8h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1jhuv1k.iswf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1jhuv1k.iswf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1u9vrlf.r9yj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1u9vrlf.r9yj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-ys0wjc.0ek8h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-ys0wjc.0ek8h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-2de4hj.4avxm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-2de4hj.4avxm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1misv9r.hx2t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1misv9r.hx2t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1v3wguw.glku.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1v3wguw.glku.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1u8vue4.x6sm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1u8vue4.x6sm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-vjbsr2.6rgk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-vjbsr2.6rgk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-18j09w3.ilw1m.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-18j09w3.ilw1m.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-wrii4w.k5tts.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-wrii4w.k5tts.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ezv550.alkn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ezv550.alkn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1v3jyht.32y2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1v3jyht.32y2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-14b8a0f.obqq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-14b8a0f.obqq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-k5xvtd.dl5tf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-k5xvtd.dl5tf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-bycrfq.vy0lt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-bycrfq.vy0lt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1234d06.z54z.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1234d06.z54z.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-15jb4vk.rqpj.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-15jb4vk.rqpj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-iyy3zm.bc23.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-iyy3zm.bc23.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1m9lzi9.5cmd.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1m9lzi9.5cmd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-b4ifzw.fy08n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-b4ifzw.fy08n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1w51ee1.wcfs.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1w51ee1.wcfs.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-55unj3.6jemi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-55unj3.6jemi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-99rjpp.snpba.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-99rjpp.snpba.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1oeot79.k7l.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1oeot79.k7l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-nxmfz2.8otjo.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-nxmfz2.8otjo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-exjbed.abdu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-exjbed.abdu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ovmq4.2ya05.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ovmq4.2ya05.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1m3szwm.9pxg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1m3szwm.9pxg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-qgqdxt.5clf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-qgqdxt.5clf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-170r5t7.24ep.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-170r5t7.24ep.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-fyzyk.wq06q.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-fyzyk.wq06q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1gv5tmx.52cqk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1gv5tmx.52cqk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1b5rgoe.tlic.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1b5rgoe.tlic.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-12i6i4c.fblti.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-12i6i4c.fblti.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-8os1vd.rgn5x.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-8os1vd.rgn5x.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ef74n5.dfav.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ef74n5.dfav.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-5cuc8k.b62q5.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-5cuc8k.b62q5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-xl4jpc.ym8qh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-xl4jpc.ym8qh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-k3n6md.dq4v.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-k3n6md.dq4v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-aq5vsg.o9qgd.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-aq5vsg.o9qgd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-ly0gn8.lwaq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-ly0gn8.lwaq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-11pq0gt.ndjgi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-11pq0gt.ndjgi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-m29gr3.zwjtd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-m29gr3.zwjtd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1a1xmfw.5hu7l.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1a1xmfw.5hu7l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-605zb4.ppxjv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-605zb4.ppxjv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1szmdh1.sw3fj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1szmdh1.sw3fj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-4axn8h.8thk3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-4axn8h.8thk3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1oovon3.22fk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1oovon3.22fk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-10nah7n.cqoy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-10nah7n.cqoy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-atkw6s.dagje.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-atkw6s.dagje.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-k5wq8o.htzl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-k5wq8o.htzl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-19auz6i.trq5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-19auz6i.trq5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-y1qdcz.qrstm.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-y1qdcz.qrstm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-uyrpf1.tlgs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-uyrpf1.tlgs.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1vtmair.pzyw.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1vtmair.pzyw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-10gvu42.1mzdf.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-10gvu42.1mzdf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-ilmt7t.678cp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-ilmt7t.678cp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1dwiui0.h31df.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1dwiui0.h31df.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-uew6yj.me4dj.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-uew6yj.me4dj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1gvd77m.l62i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1gvd77m.l62i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1n3iq6o.vej5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1n3iq6o.vej5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1cghymi.ocxj.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1cghymi.ocxj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1cs55m4.39zi.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1cs55m4.39zi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1qpkurr.xf9r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1qpkurr.xf9r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-fv7e96.yxnc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-fv7e96.yxnc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-52k8er.tzuyh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-52k8er.tzuyh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-i3t61h.bga49.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-i3t61h.bga49.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1u8es1o.e2vai.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1u8es1o.e2vai.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1l9c0jo.bk0r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1l9c0jo.bk0r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-bia10.m3ih8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-bia10.m3ih8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1839l7o.83y4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1839l7o.83y4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-14m3frc.hvg9.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-14m3frc.hvg9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1447fac.7ld5.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1447fac.7ld5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-sgvg09.mr3pb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-sgvg09.mr3pb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1sd56as.xdfd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1sd56as.xdfd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-shvvtc.onqr9.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-shvvtc.onqr9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1jlq6j7.cc2e.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1jlq6j7.cc2e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-4a7sck.9ovy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-4a7sck.9ovy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1isckcl.rwg1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1isckcl.rwg1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-15ivav4.9u38.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-15ivav4.9u38.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-yax1zr.wfbr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-yax1zr.wfbr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-3xfn41.d7q2l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-3xfn41.d7q2l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-paes7y.cv0t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-paes7y.cv0t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1d1dxho.dqt6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1d1dxho.dqt6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-49f0zu.j0xge.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-49f0zu.j0xge.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-5ucdhy.tqi8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-5ucdhy.tqi8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-b5ldgl.rejpa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-b5ldgl.rejpa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-7f3hhs.28fxl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-7f3hhs.28fxl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1hgpm1x.g2q7k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1hgpm1x.g2q7k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-r3rwqg.h7wy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-r3rwqg.h7wy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1bfbsig.uja0g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1bfbsig.uja0g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1jxm8zq.kwagg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1jxm8zq.kwagg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-fcdfah.fd7cn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-fcdfah.fd7cn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-gns9s6.n04ii.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-gns9s6.n04ii.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-193kw9g.lx9n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-193kw9g.lx9n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-g4tw0a.az2j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-g4tw0a.az2j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1obykck.px16.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1obykck.px16.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-jk5tmz.bd5n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-jk5tmz.bd5n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1qhwkjh.dpryk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1qhwkjh.dpryk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-cpij9y.3usiw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-cpij9y.3usiw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-33vj4g.i1fch.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-33vj4g.i1fch.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1g9g8qe.ah6s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1g9g8qe.ah6s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1rn6zz9.2cp5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1rn6zz9.2cp5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-em6sbg.6eqha.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-em6sbg.6eqha.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-4s3zb6.x6y7i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-4s3zb6.x6y7i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-df8pws.x9nyo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-df8pws.x9nyo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-3xzj33.uob5e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-3xzj33.uob5e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ni32z5.aht6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ni32z5.aht6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-g2c1qc.a2jaq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-g2c1qc.a2jaq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1lmrmf5.9w0of.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1lmrmf5.9w0of.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-zyzn0.ko8sol.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-zyzn0.ko8sol.jpg"


C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1bhyahd.yb04.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1bhyahd.yb04.jpg"

C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe

"C:\Users\Admin\AppData\Local\Temp\EpsilonFruit.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\EpsilonFruit" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3736 --field-trial-handle=1784,15037436157930510615,7329048885218531749,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-39r78q.yb4jt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-39r78q.yb4jt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1d7zhgk.8vzo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1d7zhgk.8vzo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1k5bmci.wlp9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1k5bmci.wlp9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-x77ggq.8c37g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-x77ggq.8c37g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-oh8nv0.itz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-oh8nv0.itz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1g7rgvc.d4u3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1g7rgvc.d4u3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-hvg8qx.s4hc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-hvg8qx.s4hc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1tnro6a.zg06.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1tnro6a.zg06.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-13nr58l.9gzg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-13nr58l.9gzg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-jf7i34.euj9c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-jf7i34.euj9c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-jvzh96.hd2xp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-jvzh96.hd2xp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1st15nc.iv2q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1st15nc.iv2q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-sopymr.qs12.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-sopymr.qs12.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-wiysc8.kcr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-wiysc8.kcr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-d7eovw.ibzn5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-d7eovw.ibzn5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-8kyjd5.ll6pn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-8kyjd5.ll6pn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1vwgk24.m50n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1vwgk24.m50n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ps2wdm.zhfh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ps2wdm.zhfh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-awq7tn.ic4rc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-awq7tn.ic4rc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-33ys4m.leqo8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-33ys4m.leqo8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1wafg6t.yfjg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1wafg6t.yfjg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1f85v2k.euzbl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1f85v2k.euzbl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-l9rapx.besbo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-l9rapx.besbo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-11l0hrb.inl5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-11l0hrb.inl5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1mew9ir.po3vl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1mew9ir.po3vl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-hkqg9i.c19q4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-hkqg9i.c19q4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-97ln6i.ugbxr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-97ln6i.ugbxr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-10d875n.xyq2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-10d875n.xyq2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-ibnj5t.c278a.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-ibnj5t.c278a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-107r2x4.8fpe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-107r2x4.8fpe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1s07sy5.9e21.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1s07sy5.9e21.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1q1fywo.ejk0i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1q1fywo.ejk0i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-gh4du.4m11w.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-gh4du.4m11w.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1i10f96.1pxw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1i10f96.1pxw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-ibr11f.535nq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-ibr11f.535nq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-v7v6jl.fgz5d.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-v7v6jl.fgz5d.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1dlxz41.j5bi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1dlxz41.j5bi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ebr5rj.bp0nf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1ebr5rj.bp0nf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-114wlxh.zf01.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-114wlxh.zf01.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-7gy2qd.pkt7l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-7gy2qd.pkt7l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-5ptqmw.99svx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-5ptqmw.99svx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-30eqkq.cuzye.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-30eqkq.cuzye.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1wet9le.m0ws.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1wet9le.m0ws.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-5qz2z6.utyg2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-5qz2z6.utyg2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-frito6.t146.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-frito6.t146.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-hvnbh5.24l8r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-hvnbh5.24l8r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-xwoe86.39o2e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-xwoe86.39o2e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1xoyjk3.xd3e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1xoyjk3.xd3e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-dcgrj7.085r5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-dcgrj7.085r5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-ibg8pf.dv2eb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-ibg8pf.dv2eb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-hgbd0a.yvhwt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-hgbd0a.yvhwt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-i0jfqx.4c1rb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-i0jfqx.4c1rb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1hvhv95.9coe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1hvhv95.9coe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1rsy027.e381.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024319-1736-1rsy027.e381.jpg"

Network

Country Destination Domain Proto
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 8.8.8.8:53 udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\98d423c9-5970-4ce1-99ef-99915689fb14.tmp.node

MD5 1f86d23226fffe71b8784029d8c5125b
SHA1 9cc9bc5a5ca25a682746480dff1677d0ff5ec16c
SHA256 265d11dea86267a478907b398b8b33aad69f0944784386c1795cc32b8c931ffd
SHA512 4f1aaee14c9cb0a76853a15030b525ee082a226ac67e9c90a96bbdbbb9229f6fe48192d63686f72c55e094de45c2a032bdd241fcacc190b71ffdc0fde80824ae

C:\Users\Admin\AppData\Local\Temp\47e06f23-b8a6-4a1b-a307-36dae41f3ce4.tmp.node

MD5 b0e113443ddc1ee234acbf0eb0e6f8a0
SHA1 84cc562b82570ec05df6dbbfc8f29fbb16ec68c7
SHA256 8d6f5cab1d6a99ac49772080c6f383f33a9bb983e0f8d02d0f3de4b2bdd26215
SHA512 306e89ec66fdf8b0de19d5bcda01f69809d83f464a9c21fda4b470e81ad3b722aa6cb6086fb4c2af59504fe4332c1f9efff27168598cc00be0f28fed45dde8ee

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Temp\3b0fc2ff-5c60-47d8-8848-90a21333dce1.tmp.node

MD5 08b28072c6d59fdf06a808182efed01f
SHA1 35253af00af3308a64cff1eda104fd7227abb2f4
SHA256 7c999c84852b1f46a48f75b130fea445280d7032a56359dffecf36730366abc5
SHA512 f2592ade5053b674dbe4191c7001748a801dca3b19e97e19b440a3e944011c87926b0ef21c87e98b48e038889a32e01c1d74949124be3144834e2f06d9781198

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

MD5 dec2be4f1ec3592cea668aa279e7cc9b
SHA1 327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA512 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

MD5 810ae82f863a5ffae14d3b3944252a4e
SHA1 5393e27113753191436b14f0cafa8acabcfe6b2a
SHA256 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA512 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCE385B958DA0744D584E638E835C3148E.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\RES5AE1.tmp

MD5 ddea14bb91bfebb02147fffe58522596
SHA1 736a21e6f1c635b5012049747a82eb0ae47babfd
SHA256 68c1ac4c751f3c70cd9724d7939d39b533ebc5bf15f8f5eccfa04cfb29cdacd9
SHA512 e1955ef43f79929e34ede9ffc5c66844d2c218a0af496b62b8942c80c66a5806cd7d0f493a55d6080884cf2f6b72360d25ef87a2d7ee05350ba44108d30f8a93

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

MD5 102dc4bdff28ab089a2cb3e31bbe6e26
SHA1 62d7147a73d18c934988d3f43309060518eb8c0f
SHA256 6dc4e9ece9159964fb027969c7a82add13a1fa27874fef16621bd7352dd5e1a8
SHA512 06d9acac94ac0b86383f687f3b40646e0c4a3a7ef1ceb7dd3e73f635199780d69d378264c53f59fcabdd8c61bef2158281cb5031b0625f6e54f8e0d0c47cfac6

C:\Users\Admin\AppData\Local\Temp\2024319-1736-18op2qn.22y2.jpg

MD5 ad34f77143c8220a8309bea7b045af06
SHA1 0b2709d717c96942a7a32af1b4f3d9183f35faf4
SHA256 34de6d3d989236401fe8daee5cafc22c9d7d78ddd45d182b9e885221d1b9157c
SHA512 e5e87d63d5ae540ddfe0fbca835dffd1f0d3ddeb7d290453209cbcdb3290f50a3c1c8893246ce25ea1fca3063b84d399ebcc26a6643f3e491dd238340905f36b

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log

MD5 f3ac7a0e31b9af1b495241eff29915ad
SHA1 286fe23eba741cd3fca3f3e9a919021946655392
SHA256 f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a
SHA512 b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210

C:\Users\Admin\AppData\Roaming\EpsilonFruit\Network\Network Persistent State

MD5 3a60f26b8551c861aa481094f8d24382
SHA1 66d09af04605456e71eb5207fa9d2d6eee09b3c1
SHA256 bf87674b3c6ec10ec2fa018455c17c6c4a4916dfa64cee4800828f15a094ce21
SHA512 2a1a0dec2b439bb53b4a64859b2a2cb7a82c8600ecd8e30c5109e0449f9a9a2681e15ec0ccfb01e8970aeed495711c0b701308785eff3782b2a08c0594397077

C:\Users\Admin\AppData\Roaming\EpsilonFruit\Network\Network Persistent State~RFe58749e.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Analysis: behavioral19

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win10v2004-20240412-en

Max time kernel

145s

Max time network

156s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 137.71.105.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:14

Platform

win10v2004-20240226-en

Max time kernel

152s

Max time network

175s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3528 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 142.250.187.202:443 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 130.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 137.71.105.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:15

Platform

win7-20240221-en

Max time kernel

128s

Max time network

149s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:13

Platform

win7-20240221-en

Max time kernel

119s

Max time network

127s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-04-19 01:08

Reported

2024-04-19 01:14

Platform

win7-20240221-en

Max time kernel

122s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Network

N/A

Files

N/A