| Name | 4bfcabdadd5c7c3c_flyyunbkomvmwlwq.ps1 |
|---|---|
| Filepath | C:\Users\Public\fLyYUnbkOMvmwlWQ.ps1 |
| Size | 1006.0KB |
| Processes | 656 (powershell.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | 5ef1c9c28dfc7a99c177ac448fd0e1d9 |
| SHA1 | 0e05934e3cbc8c54db85a1f613c8403711fc0444 |
| SHA256 | 4bfcabdadd5c7c3c4c25a2a1377185b782da0c5c80f0b81865b59a9747a319bb |
| CRC32 | 05565CE1 |
| ssdeep | 24576:6zmXok/nbPb953jVz+6YQBT2KzTJkdogmi6Z+yLk4KU:z |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 29863cbd4b407c4b_firefox.lnk |
|---|---|
| Filepath | C:\ProgramData\Microsoft Arts\Start\firefox.lnk |
| Size | 1.3KB |
| Processes | 656 (powershell.exe) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Jun 18 03:18:27 2021, mtime=Fri Jun 18 03:19:02 2021, atime=Fri Jun 18 03:16:51 2021, length=288, window=hidenormalshowminimized |
| MD5 | 6c8eb4f175b764529fe01fbecf21955e |
| SHA1 | 889de317121df85a6ba85075a1cbd9c0ae407beb |
| SHA256 | 29863cbd4b407c4ba808476582306257892faca5ad967c185ffd64199bce0931 |
| CRC32 | D9B3571E |
| ssdeep | 24:8+Q1Ofi00l8Iw3G8hJ2ZeEv3fNuNCzfJ2JC3It0RRMe+p2sYRzmI:8TO600wWOJ2ZbC6xuC3IqLsYN1 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 5465a01507e5781a_microsoft.bat |
|---|---|
| Filepath | C:\Users\Public\Microsoft.bat |
| Size | 288.0B |
| Processes | 656 (powershell.exe) |
| Type | ASCII text, with no line terminators |
| MD5 | abadcf58a4141d403b3dd39658a2fd5d |
| SHA1 | 54a943bf33a5e9000c91478067fd07c4334001c2 |
| SHA256 | 5465a01507e5781ae07dec562bef6d667a5c0c0d9ff5c597d0fbb455ed5e4b62 |
| CRC32 | F928ED4C |
| ssdeep | 6:Zk23GEPNvH2PSuAPuedjHQIYsIKIEIA5HGIc0JKgx3CutTFzsIOGHGIBQYtFVUv:ZkQG8fuQPue5Q5s4xA5DcKKU5ttsvGDQ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f825dd89181e7435_d93f411851d7c929.customDestinations-ms~RF2ed02f2.TMP |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF2ed02f2.TMP |
| Size | 7.8KB |
| Processes | 656 (powershell.exe) 7940 (powershell.exe) |
| Type | data |
| MD5 | 61d3b003e73f968491bb9de05318fcbd |
| SHA1 | abb40732bf72a072c5b176449fdb8f1c56383e03 |
| SHA256 | f825dd89181e743525684aff8d99cc6d78046e461147c33b6f7a182b98c58ea9 |
| CRC32 | 76116DE9 |
| ssdeep | 96:wtuCiGCPDXBqvsqvJCwoNtuCiGCPDXBqvsEHyqvJCworc7HwxGlUVul:wt7XoNt7bHnorXxY |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 4c58bf31bc921227_d93f411851d7c929.customdestinations-ms |
|---|---|
| Filepath | c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms |
| Size | 7.8KB |
| Processes | 7940 (powershell.exe) |
| Type | data |
| MD5 | 44ac4b1a8c56bf8ed4aec15a764a7524 |
| SHA1 | 8409ee2c31d4874e79530aeca75f45dfb5fe954c |
| SHA256 | 4c58bf31bc921227eb1e5c785bc2c6141cfbbdb162e4f41df14f3a43f8bd680f |
| CRC32 | 9266082C |
| ssdeep | 96:0ftuCiGCPDXBqvsqvJCwoBftuCiGCPDXBqvsEHyqvJCworc7HwxGlUVul:0ft7XoBft7bHnorXxY |
| Yara |
|
| VirusTotal | Search for analysis |