| Name | 1f194878aa557011_releaseform[1] |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\releaseform[1] |
| Size | 184.5KB |
| Processes | 2368 (mshta.exe) |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | db1ae063d1be2bcb6af8f4afb145cdc4 |
| SHA1 | d01a16ab0c24b9597154cd8c8a7686b00b0cc8e6 |
| SHA256 | 1f194878aa557011e83bd5c1c6fab11956322688a35ef0fbd0bb876fa667c5f5 |
| CRC32 | 8AAE97F6 |
| ssdeep | 768:S0WfYij5T3By/zDO580WfYij5T3By/zDO5aA9zJ0WfYij5T3By/zDO5+P0WfYijx:S0AC/O580AC/O5aMzJ0AC/O5K0AC/O5 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 57ea78b45ddd6624_config.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\config.txt |
| Size | 714.0B |
| Processes | 284 (powershell.exe) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | f8fe7a5d83d02eff92b01481be2b4c12 |
| SHA1 | cd4dae414016ec38b1d04353535cbfb26767212e |
| SHA256 | 57ea78b45ddd6624327818c76dc1c1cd3fa71ab8952eb710732899e5d5bb8fa3 |
| CRC32 | 77930822 |
| ssdeep | 12:Msx/dMw4Lc82p4M72TjsT7NqMSNEOhuc5Pl1F7AZohkhPEXsElG3oRo:LxtvjyTj0NOEouc5Pl3QoH8ElG3om |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a9b1dc8eaa5fcd00_d93f411851d7c929.customDestinations-ms~RFef4599.TMP |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RFef4599.TMP |
| Size | 7.8KB |
| Processes | 2160 (powershell.exe) 284 (powershell.exe) |
| Type | data |
| MD5 | c1d8708bab1e838a2deda26d58bb8d42 |
| SHA1 | 95d39e75a804752961c139bb6c0b67f84f685035 |
| SHA256 | a9b1dc8eaa5fcd0034694cf9742ae915a5932142a1477c3ab6fada45d98750b2 |
| CRC32 | E71AF2A2 |
| ssdeep | 96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:QtbXoFtbbHnor/xo |
| Yara |
|
| VirusTotal | Search for analysis |