| Name | f4d28cf0f12006f9_590aee7bdd69b59b.customdestinations-ms |
|---|---|
| Filepath | c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms |
| Size | 7.8KB |
| Processes | 1436 (powershell.exe) |
| Type | data |
| MD5 | b770148dd160455bac8fe186a882733d |
| SHA1 | f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a |
| SHA256 | f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e |
| CRC32 | 94B533F7 |
| ssdeep | 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 04d0c747dcbabeb2_get-content.ps1 |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\get-content.ps1 |
| Size | 2.5MB |
| Processes | 204 (al.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | a3e36b46cf210ca56ddcd2cb44317824 |
| SHA1 | bac35bd0cd461abed4d8ea796df9697a2bce0903 |
| SHA256 | 04d0c747dcbabeb278e21fb3cfbf6e20acb61b037fdf3770c3c89704263349ef |
| CRC32 | 899EDC9D |
| ssdeep | 24576:BjaXC2GC0hgziQ7/532y/sZt7zqWj/4yKPOnAkIWMBUQfo3vri/7bGMvettDPJsr:BQsnixmpzJMpPywBUQA3Y6tFa64+hFg/ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | cc7097fa515dfc07_ready.ps1 |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\ready.ps1 |
| Size | 6.4KB |
| Processes | 204 (al.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | 065cc96fec70546c9f195f703e4d657b |
| SHA1 | 9da24636d8fd3de61f46ff7282640d3fa27d6b45 |
| SHA256 | cc7097fa515dfc07033464b5e71ba0172f440bd4043ec1c7c48c6ce4f18e3bc3 |
| CRC32 | BFBB2EE3 |
| ssdeep | 192:/Tsj6BxSLYVQj8dhpLYcj8sLLLY4eBj8kbvXTauS1qU:1 |
| Yara | None matched |
| VirusTotal | Search for analysis |