| Name | 04aded4081f283d2_d93f411851d7c929.customDestinations-ms~RF2d113b.TMP |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF2d113b.TMP |
| Size | 7.8KB |
| Processes | 2236 (powershell.exe) 1812 (powershell.exe) |
| Type | data |
| MD5 | 5ce5527e81e9198ba80c94de3c02e834 |
| SHA1 | f009f3a740ef11f1794ecc6b8303ce91c23efb23 |
| SHA256 | 04aded4081f283d24569abe5cbfd10a5b6351ba0a46aa68772a96cb7884ed8a7 |
| CRC32 | 4ECE35E3 |
| ssdeep | 96:1tuCojGCPDXBqvsqvJCwoUtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:1tu6XoUtu6bHnorXxY |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1ac6a05f2fe3b95d_programs.bat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat |
| Size | 141.0B |
| Processes | 112 (Project Korvus.exe) |
| Type | ASCII text, with no line terminators |
| MD5 | aafe63c0e3a10ecd523de79d0c2f2400 |
| SHA1 | b6aa19f83e8bb50461369bf51360d7ff736ccf18 |
| SHA256 | 1ac6a05f2fe3b95dd31f9bbdab33222a155f3e2311f42852d993fadd0bea3f48 |
| CRC32 | 2A9FF243 |
| ssdeep | 3:QwZ2vOUrKaM6eNGRjDmWxpcL4EaKC5SufyM1K/RFofD6tRQLRWLyLRHgn:QElPhxumQpcLJaZ5SuH1MUmt2FWLyS |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 65138897f467adf9_programs.batXstart |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:start |
| Size | 59.0B |
| Processes | 112 (Project Korvus.exe) |
| Type | ASCII text, with no line terminators |
| MD5 | 579e29cec6bde04c5c074d8311d6b884 |
| SHA1 | 2fdfd4c6b8eb43a4c6f4c0d3998e4a5364221dff |
| SHA256 | 65138897f467adf9fe20594326d724d2cd5b437d9aacf5f83721af340f70ce3c |
| CRC32 | B2EA4990 |
| ssdeep | 3:eGAjGJwbZkREfcjMGERMQhM:ZuGJwi8cwGj |
| Yara | None matched |
| VirusTotal | Search for analysis |