| Name | d3256d7293ffc2d2_afgz_pv1.out |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\afgz_pv1.out |
| Size | 607.0B |
| Processes | 2540 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | 02d76612d214b13980d00ae75f10c606 |
| SHA1 | cc487ce67a8030c71a9783e587bbb43a37fbe87c |
| SHA256 | d3256d7293ffc2d231905e73e3b50088d750bbad305387ede1df39d1c4eeddcf |
| CRC32 | DAA7121D |
| ssdeep | 12:K4OLM9nzR37LvXOLMvenPAE2xOLMF4Kai31bIKIMBj6I5BFR5y:K+9nzd3BvenIE2nF4Kai31bIKIMl6I5G |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 95663fc25b248304_9mrxduhn.0.cs |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\9mrxduhn.0.cs |
| Size | 210.0B |
| Processes | 2540 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
| MD5 | 0ad933604125ec9937c6f4daf872e6a6 |
| SHA1 | 6d24004a768b9f664cda12297aeb537d1a197808 |
| SHA256 | 95663fc25b2483044b92264f3ead29ff7e1434938e7660a84aa9956f941adc54 |
| CRC32 | BE4692A0 |
| ssdeep | 6:V/DsDrSWVPeM/s62SRw6AKowvlLOlFzRXAL:V/DGr5DDtokOlF1AL |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2db764b8b9282d2d_afgz_pv1.cmdline |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\afgz_pv1.cmdline |
| Size | 311.0B |
| Processes | 2540 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators |
| MD5 | 95b69a4d6fbbc430f5fce6faa40f454f |
| SHA1 | 067d8f349164af4f8617b2288abaadf36350d409 |
| SHA256 | 2db764b8b9282d2dce2a8f4d34818b0905dc2ee6b732c85d0bab35c19b860bb9 |
| CRC32 | 0E89FA41 |
| ssdeep | 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fHemGsSAE2NmQpcLJ23fd9:p37LvXOLMvenPAE2xOLMF9 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 33cb56c647356444_CSCF4A1.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\CSCF4A1.tmp |
| Size | 652.0B |
| Processes | 2712 (csc.exe) |
| Type | MSVC .res |
| MD5 | 5a6008afa291716a812255c77c14820a |
| SHA1 | 2c8d3db008ba39643e26c9a2fcb55d5c2d5f5c3d |
| SHA256 | 33cb56c6473564446de31986b5cd64e28318f5d73b3c3e77260dbfc5f95536cc |
| CRC32 | E69AD827 |
| ssdeep | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryhak7YnqqVPN5Dlq5J:+RI+ycuZhNjakSVPNnqX |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fa2310b9a9d0edfe_9mrxduhn.dll |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\9mrxduhn.dll |
| Size | 3.5KB |
| Processes | 2712 (csc.exe) 2540 (powershell.exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 09081a436df71b8fee6d5a33bfd17cd9 |
| SHA1 | 1def28c377843bb21b719df49e9c0dc3d030ed39 |
| SHA256 | fa2310b9a9d0edfe7f514a200881f0f8d2cd62a11b5d2ed75997c94a10e06766 |
| CRC32 | DCA81184 |
| ssdeep | 24:etGSQst+mWEPSRa873EJEt1bdPtkZfcg+wexEa13mI+ycuZhNjakSVPNnq:6kkEam0JEhuJzpeP81ulja3Pq |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 77d2dadaa46d5a7d_9mrxduhn.out |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\9mrxduhn.out |
| Size | 607.0B |
| Processes | 2540 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | de8ab5c5b1d3f951fcdc8bacb03b3bd6 |
| SHA1 | 2b09ffd9146c19023a89d3ca561ecbb6811770e5 |
| SHA256 | 77d2dadaa46d5a7d91d847715aad6a1aaabe1359a2fce25a0dcd9f059ff4e1cc |
| CRC32 | 2FFE8A68 |
| ssdeep | 12:K4OLM9nzR37LvXOLM1FnPAE2xOLM1+UKai31bIKIMBj6I5BFR5y:K+9nzd3B1FnIE2n1+UKai31bIKIMl6IU |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 64c336126136bec7_afgz_pv1.dll |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\afgz_pv1.dll |
| Size | 3.5KB |
| Processes | 2804 (csc.exe) 2540 (powershell.exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 85c96f29e30a283f142207426aa4bd37 |
| SHA1 | 6c81b21917273670fef607d80b5346505fe2681b |
| SHA256 | 64c336126136bec765b7a1a113db93f6de8448574dfa3a1143a4ca3e3b6b32e1 |
| CRC32 | 7D969215 |
| ssdeep | 24:etGSvstusmuP/potmlUuo1LbdPtkZfGBjXxG+mI+ycuZhNt8TakS088PNnq:6wtimyPuJGjGV1ul+a36q |
| Yara |
|
| VirusTotal | Search for analysis |
| Name |
e3b0c44298fc1c14_9mrxduhn.err
Empty file or file not found
|
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\9mrxduhn.err |
| Size | 0.0B |
| Type | empty |
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| CRC32 | 00000000 |
| ssdeep | 3:: |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cceab02630d3733f_afgz_pv1.0.cs |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\afgz_pv1.0.cs |
| Size | 331.0B |
| Processes | 2540 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
| MD5 | 885120f66ed400cb844051f3b2509cb7 |
| SHA1 | 1035be96b6ba5e7ed6b5250d097ce2356ef67eae |
| SHA256 | cceab02630d3733fc07e880a371093e9e795095817d72283d2197630a44dcc5e |
| CRC32 | D7407B75 |
| ssdeep | 6:V/DsDrS5j92SRcBuhmwORXWw9OLtl5AkGK02SRLsWKn9QOT6QqD:V/DGrWPcB4mwoFcekCLe9QMA |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms |
|---|---|
| Filepath | c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms |
| Size | 7.8KB |
| Processes | 2540 (powershell.exe) |
| Type | data |
| MD5 | 81ca4510272caf505e8091e9a28cb716 |
| SHA1 | 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e |
| SHA256 | b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf |
| CRC32 | FC31E90F |
| ssdeep | 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 116fcab9810a0e86_afgz_pv1.pdb |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\afgz_pv1.pdb |
| Size | 7.5KB |
| Processes | 2804 (csc.exe) 2540 (powershell.exe) |
| Type | MSVC program database ver 7.00, 512*15 bytes |
| MD5 | eb1f8a273c787832755237e9a47550bf |
| SHA1 | 3073d84c45bb54f18f3db4bd9ae5187e1de0425e |
| SHA256 | 116fcab9810a0e864f5e05c7beb14136db04267d1982806609b0b28988385678 |
| CRC32 | D72FAE34 |
| ssdeep | 6:zz/BamfXllNS/PDB0J8e1mllxrS/77715KZYXxGQu+e0KpYXeDB0J8moGggksl/b:zz/H1W/rBISXS/pw2q7BgRD |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7ea1c044b26b6a3c_9mrxduhn.pdb |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\9mrxduhn.pdb |
| Size | 7.5KB |
| Processes | 2712 (csc.exe) 2540 (powershell.exe) |
| Type | MSVC program database ver 7.00, 512*15 bytes |
| MD5 | 5f8ecc6ab0790416605192bbccedeedf |
| SHA1 | d8ad63e223f761b5ec2d8e02882a39a407b9a524 |
| SHA256 | 7ea1c044b26b6a3c138e00fab059257c12cf6db68e5e4387a3bd5aa5a53feeaa |
| CRC32 | E4C91F9F |
| ssdeep | 6:zz/BamfXllNS/2sZ1mllxrS/77715KZYXxGQu+e0KpYXDsbtfoGggksl/cEDf:zz/H1W/2sLSXS/pw2qGspfRD |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 51549d539adb2613_RESF993.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RESF993.tmp |
| Size | 1.2KB |
| Processes | 2848 (cvtres.exe) 2804 (csc.exe) |
| Type | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols |
| MD5 | 5a9a499d542bd85067feadf51db698b7 |
| SHA1 | ff862640cddcec1fc8160effd5a3502f552b2a35 |
| SHA256 | 51549d539adb261389f3c87564b75f4d46cba9458184253ed4cf427693e2c9e1 |
| CRC32 | D36C4A45 |
| ssdeep | 24:HSJ9YernKO8HqmHYUnhKLI+ycuZhNt8TakS088PNnqjtd:nernkqmznhKL1ul+a36qjH |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e59df853f7d7b5c8_9mrxduhn.cmdline |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\9mrxduhn.cmdline |
| Size | 311.0B |
| Processes | 2540 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators |
| MD5 | e4b3ad0304834132501ee473913645cf |
| SHA1 | 95212b8260d7bd9de05cad063a31c02c07bef3e4 |
| SHA256 | e59df853f7d7b5c8e8fac856db1cfe72f1b9d16d7021f9837e5b86d790f1929b |
| CRC32 | 4964A1FD |
| ssdeep | 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fdFmGsSAE2NmQpcLJ23fd+x:p37LvXOLM1FnPAE2xOLM1+x |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c7194d3cc4178767_OutofProcReport16866772.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\OutofProcReport16866772.txt |
| Size | 1.9KB |
| Processes | 2540 (powershell.exe) 2896 (wermgr.exe) |
| Type | data |
| MD5 | 8cfa48fbcdd0b11f8b1d5a7c1d7cb202 |
| SHA1 | 27bed2cd17815a73e89cf69407c010a4e6785650 |
| SHA256 | c7194d3cc4178767353b21751312da8e5232e1ad76aefd309a3e7346317460c7 |
| CRC32 | 3D8073E3 |
| ssdeep | 48:zhxOQfs+RH+Uj+gNS0e+No/+4/w8K+hK6ZpS+V6Zuk+VPW+gBEz++yrz:7B03Uj5U0ex/QQKhRr6+5cUH |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 012a4a232392ff79_RESF4A2.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RESF4A2.tmp |
| Size | 1.2KB |
| Processes | 2756 (cvtres.exe) 2712 (csc.exe) |
| Type | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols |
| MD5 | 29bc2ed35ab042b85b34686943739efe |
| SHA1 | c86718a9da288d3838f6e13635d51c90c6a56b7f |
| SHA256 | 012a4a232392ff79d933323ea1e9f50bed566bafa3d14e367c9dad571efe2ac9 |
| CRC32 | 94D5656C |
| ssdeep | 24:HBJ9Yernl6imHOtUnhKLI+ycuZhNjakSVPNnqjtd:Wernjmu6nhKL1ulja3PqjH |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 362dd83fd0e1512e_CSCF983.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\CSCF983.tmp |
| Size | 652.0B |
| Processes | 2804 (csc.exe) |
| Type | MSVC .res |
| MD5 | 1d2ce479041ab36a2227499469b3a5b4 |
| SHA1 | dd39c0936bea8c08af2f3e13e844c4b05e84bbbd |
| SHA256 | 362dd83fd0e1512e94810aa833fdd7bbf9049d3821c952d45f529b4c809430c5 |
| CRC32 | E5E192FD |
| ssdeep | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryn8Tak7Ynqq088PN5Dlq5J:+RI+ycuZhNt8TakS088PNnqX |
| Yara | None matched |
| VirusTotal | Search for analysis |