| Name | f4d28cf0f12006f9_590aee7bdd69b59b.customdestinations-ms |
|---|---|
| Filepath | c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms |
| Size | 7.8KB |
| Processes | 2704 (powershell.exe) |
| Type | data |
| MD5 | b770148dd160455bac8fe186a882733d |
| SHA1 | f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a |
| SHA256 | f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e |
| CRC32 | 94B533F7 |
| ssdeep | 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 85748fe72d152db0_83octjq1.cmdline |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\83octjq1.cmdline |
| Size | 311.0B |
| Processes | 2704 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators |
| MD5 | 97f74e6cec27d340e29b40a9e59c60f1 |
| SHA1 | 70cf030511b8683085b360bb94871b4c28483b7c |
| SHA256 | 85748fe72d152db0ded0283145e7883e9b077f0efab27d355a19f97fa268a34b |
| CRC32 | 984CCE2E |
| ssdeep | 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fwYmGsSAE2NmQpcLJ23fwr9:p37LvXOLMYYnPAE2xOLMYr9 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c5c7012656bfebd5_get-dnsprovider.ps1 |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\get-dnsprovider.PS1 |
| Size | 2.5MB |
| Processes | 1868 (i8u7hjdc.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | 9fca6b1768eba2c5d42f189123152e32 |
| SHA1 | 560ec3249af6e8d82e994554475b870d32145352 |
| SHA256 | c5c7012656bfebd5ba7d4ae8459bd2fcc57ac661e413e2b1da339b9fba86de1f |
| CRC32 | 79C4FAD6 |
| ssdeep | 49152:bgb+Vu+pMbakNRNX1mF/AL5j1jUFiobeAJz:Z |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e1a4fbe36125e02e_83octjq1.0.cs |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\83octjq1.0.cs |
| Size | 424.0B |
| Processes | 2704 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text |
| MD5 | 9f8ab7eb0ab21443a2fe06dab341510e |
| SHA1 | 2b88b3116a79e48bab7114e18c9b9674e8a52165 |
| SHA256 | e1a4fbe36125e02e100e729ce92ab74869423da87cb46da6e3c50d7c4410b2d9 |
| CRC32 | 5C42D29C |
| ssdeep | 6:V/DsYLDS86paevuMjFs2SRadPc8hAfWhMjFs2SRFo1cLDMeWhMjFs2SRcBuhmwOV:V/DTLDCaF+Pjh+kLWhcB4mwoFcekG |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | dc0a66472f152bec_83octjq1.out |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\83octjq1.out |
| Size | 411.0B |
| Processes | 2704 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | 9c78238d1f30af9e26ef3edc334dd6bc |
| SHA1 | 710164ea69a6b1a0f43937920b4be7a16fda8eb0 |
| SHA256 | dc0a66472f152bec6feaea656bd929508f6639f832c7b44622b6dbc4f73ddf17 |
| CRC32 | CFA68F74 |
| ssdeep | 6:KOmQpcLJ23fcMLAwmPwRhMuAu+H2LvFJDdq++bDdqBnmQpcLJ23fwYmGsSAE2Nm4:K4OLM9NzR37LvXOLMYYnPAE2xOLMYrY |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | abb6ceb444b3dc29_ready.ps1 |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\ready.ps1 |
| Size | 2.0KB |
| Processes | 1868 (i8u7hjdc.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | 28d9755addec05c0b24cca50dfe3a92b |
| SHA1 | 7d3156f11c7a7fb60d29809caf93101de2681aa3 |
| SHA256 | abb6ceb444b3dc29fcdcb8bda4935a6a792b85bb7049cb2710d97415d9411af9 |
| CRC32 | A120AA93 |
| ssdeep | 48:PmilK+QyruG64du5pH90ooFLKw+1Itx41P3f:XM+QybzG30HFLKVmtx+Pv |
| Yara | None matched |
| VirusTotal | Search for analysis |