| Name | d6431d5645fffd05_d93f411851d7c929.customdestinations-ms |
|---|---|
| Filepath | c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms |
| Size | 7.8KB |
| Processes | 1508 (powershell.exe) |
| Type | data |
| MD5 | 260d23ce04a8f8555a73b7d2dc15e911 |
| SHA1 | ebad746fb7de847c50f7502a44f6e35534733efd |
| SHA256 | d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588 |
| CRC32 | 11D6B213 |
| ssdeep | 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | d308d2c91cfa3925_-5yxvqrz.0.cs |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\-5yxvqrz.0.cs |
| Size | 326.0B |
| Processes | 1508 (powershell.exe) |
| Type | C++ source, UTF-8 Unicode (with BOM) text |
| MD5 | c395adb422eedb33ae024d833117df7e |
| SHA1 | 867155f355a29dd4423f954234f97681582c5625 |
| SHA256 | d308d2c91cfa3925ec5200dc34b41ece26a8ce2588b98afd3050ef3a061b7f2d |
| CRC32 | BC44D852 |
| ssdeep | 6:V/DsYLDS81zu1jXTMRSRBHALR53vCS2RpJFqmzqsYEzfslUSmXhPVEcyFQy:V/DTLDfu9LtcJCrpJFqmmsiCnPScyKy |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7b87b75e4f25b489_ejaz_hje.dll |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\ejaz_hje.dll |
| Size | 3.5KB |
| Processes | 2156 (csc.exe) 1508 (powershell.exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | dd80259692a79bbe8ff46454268b4532 |
| SHA1 | 4610dd83cc5583197a5e3ed52ecbf1d79ec544f2 |
| SHA256 | 7b87b75e4f25b489d475fab49e01a9c6efcf846f47da5f74dbfb6bc93547f567 |
| CRC32 | 32AAA8D1 |
| ssdeep | 24:etGS2N6G7PvRKXYC+EIQCgK/J26bdPtkZfOJTncmI+ycuZhNWxakSJ2PNnq:6FgpKXTzIb//J3uJ0jv1ulWxa3JKq |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 58f4d4641344555c_-5yxvqrz.out |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\-5yxvqrz.out |
| Size | 607.0B |
| Processes | 1508 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | 2984ada355fd1451e6e946181bc6efda |
| SHA1 | fa78caf4bc88142c683f49954acb712d00ca9825 |
| SHA256 | 58f4d4641344555c61841e26fcca23d89cc23a8939177157388d59c4ca3cf77f |
| CRC32 | 0C01CC40 |
| ssdeep | 12:K4OLM9nzR37LvXOLMhcsmnPAE2xOLMhcshUKai31bIKIMBj6I5BFR5y:K+9nzd3BKsmnIE2nKsaKai31bIKIMl6v |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name |
e3b0c44298fc1c14_ejaz_hje.err
Empty file or file not found
|
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\ejaz_hje.err |
| Size | 0.0B |
| Type | empty |
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| CRC32 | 00000000 |
| ssdeep | 3:: |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e2e0ec372639d84_-5yxvqrz.pdb |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\-5yxvqrz.pdb |
| Size | 7.5KB |
| Processes | 2244 (csc.exe) 1508 (powershell.exe) |
| Type | MSVC program database ver 7.00, 512*15 bytes |
| MD5 | 6889b70fbed0f87476274d26c86f361c |
| SHA1 | 05fd34ae6fdae0e6b5313eabf372b646d156b12a |
| SHA256 | 2e2e0ec372639d84e2cc79ea0a61a40da02e2d945271443cf73fe77dc0cbc868 |
| CRC32 | 266C572F |
| ssdeep | 6:zz/BamfXllNS/wS8SAX31mllxrS/77715KZYXxGQu+e0KpYXnS8S2foGggksl/cI:zz/H1W/psXlSXS/pw2qZafRD |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d9dfbb8b732f54f4_ejaz_hje.0.cs |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\ejaz_hje.0.cs |
| Size | 261.0B |
| Processes | 1508 (powershell.exe) |
| Type | C++ source, UTF-8 Unicode (with BOM) text |
| MD5 | 9b6c82997db035ddd077b5960a13d19a |
| SHA1 | d780a10d4476c2c3692862bea6e6488bc68ecb74 |
| SHA256 | d9dfbb8b732f54f4e863de056cdc94f141b340690a7426fadcf972d9d045f925 |
| CRC32 | 46A36266 |
| ssdeep | 6:V/DsYLDS81zu1q/FMRSRNuhmwpS2TiW77y:V/DTLDfuY+mwphpy |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 616962c5f7c6c1b9_RESD32A.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RESD32A.tmp |
| Size | 1.2KB |
| Processes | 2288 (cvtres.exe) 2244 (csc.exe) |
| Type | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols |
| MD5 | a7f166dd45e8906824f29510b3be4a9a |
| SHA1 | 548df3e8641718fb314f081be6568461eecf3061 |
| SHA256 | 616962c5f7c6c1b9229b596e806f80a420a36b6209a6c58e5e29156f2c08a4ca |
| CRC32 | 8F4FC0B0 |
| ssdeep | 24:HQJ9YernJDqmHDUnhKLI+ycuZhNcVakS3aPNnqjtd:hernkmQnhKL1ulcVa33WqjH |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 986229de4caea4cb_RESD156.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RESD156.tmp |
| Size | 1.2KB |
| Processes | 2200 (cvtres.exe) 2156 (csc.exe) |
| Type | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols |
| MD5 | abbcaf7a0f4c844ae10c5163eb0adddb |
| SHA1 | a096126ec7ce0adcba48fb2509002e43925b83b3 |
| SHA256 | 986229de4caea4cb78d3c2ab6b237db5cc9fb9ba543a017accd75fedd0876498 |
| CRC32 | 958E8867 |
| ssdeep | 24:HQJ9YernxlxmHbUnhKLI+ycuZhNWxakSJ2PNnqjtd:hern/xmYnhKL1ulWxa3JKqjH |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF15da96d.TMP |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF15da96d.TMP |
| Size | 7.8KB |
| Type | data |
| MD5 | b0c9ff441742f3847ea27da9dee7f2cd |
| SHA1 | c42a1eb32ba953a0ce5d8635caabf71b5b281495 |
| SHA256 | a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4 |
| CRC32 | 0BBCAB1A |
| ssdeep | 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 5cdd5479cdbb62dd_ejaz_hje.cmdline |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\ejaz_hje.cmdline |
| Size | 311.0B |
| Processes | 1508 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators |
| MD5 | 66e8c1fe1f769f527aa3feea7f4d14fe |
| SHA1 | 1127f6931ad67209f3baf7369a19df6323a3920d |
| SHA256 | 5cdd5479cdbb62ddfabf6a1281b17fca3613d6d5ffe06bc9a202e4e219894253 |
| CRC32 | 8FF713CE |
| ssdeep | 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fdxQmGsSAE2NmQpcLJ23fdhGWH:p37LvXOLMknPAE2xOLMNH |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fbfbc0f19347559b_-5yxvqrz.dll |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\-5yxvqrz.dll |
| Size | 3.5KB |
| Processes | 2244 (csc.exe) 1508 (powershell.exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | a812d581c1264864265fa0bf50cc3975 |
| SHA1 | 6a79afa6485ca2f7285f3825debac89a8f75e644 |
| SHA256 | fbfbc0f19347559b06bae5eec9afb870b434e359ae13f1aacccc9a7425c06140 |
| CRC32 | E9F64AB1 |
| ssdeep | 48:6uRfEd3a0/mpuJILNSzpoKO1ulcVa33Wq:1/eFtJ6VK3 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 439cbf26317e47fd_CSCD145.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\CSCD145.tmp |
| Size | 652.0B |
| Processes | 2156 (csc.exe) |
| Type | MSVC .res |
| MD5 | b2a33b34310c490697d7ccf51b517f4c |
| SHA1 | 0ac9d5591a84cb097947a484d069ddcddbc56ade |
| SHA256 | 439cbf26317e47fd6d32c8cd1a1f8d0a9093fb3a6adf414e3d8a5406d5077f57 |
| CRC32 | 8CB7D8AC |
| ssdeep | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry4RXak7YnqqJRAPN5Dlq5J:+RI+ycuZhNWxakSJ2PNnqX |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 114e4cfa482c531b_ejaz_hje.pdb |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\ejaz_hje.pdb |
| Size | 7.5KB |
| Processes | 2156 (csc.exe) 1508 (powershell.exe) |
| Type | MSVC program database ver 7.00, 512*15 bytes |
| MD5 | 2a17995637698f7d40fee656170e6c14 |
| SHA1 | 0f97e432bcb1d673e991bf4be3476228aa8bd605 |
| SHA256 | 114e4cfa482c531b8e086770231d3a7e3079aa48c7237ea49679215ccb1549ab |
| CRC32 | B934BD2B |
| ssdeep | 6:zz/BamfXllNS/wSMcdDT9Xn1mllxrS/77715KZYXxGQu+e0KpYXnSMcdDT91kMoa:zz/H1W/pddNX1SXS/pw2qZddNSMRD |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 812728a41aaccdb9_-5yxvqrz.cmdline |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\-5yxvqrz.cmdline |
| Size | 311.0B |
| Processes | 1508 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators |
| MD5 | 0a87362d91374924818489c55dab5efd |
| SHA1 | 76eaec0a09ec8aff01f4da2f66ee54ec6c461608 |
| SHA256 | 812728a41aaccdb9f870f91f3e2e20870b5d97768cab737372a0c515fd3469d0 |
| CRC32 | 0E45D9A9 |
| ssdeep | 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23f5csmmGsSAE2NmQpcLJ23f5cshx:p37LvXOLMhcsmnPAE2xOLMhcshx |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1c5ec82d963ef879_CSCD329.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\CSCD329.tmp |
| Size | 652.0B |
| Processes | 2244 (csc.exe) |
| Type | MSVC .res |
| MD5 | ccdd0798d40e71d6e358ab8394098050 |
| SHA1 | fd2a7404da3c3f313cc09eeba517080cce701dfd |
| SHA256 | 1c5ec82d963ef879f5a28845d8352d13e8fadb89b27b746b76773c5b9ce3af76 |
| CRC32 | B7DD475A |
| ssdeep | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryulVak7YnqqNlaPN5Dlq5J:+RI+ycuZhNcVakS3aPNnqX |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c5fc447a41d689c0_ejaz_hje.out |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\ejaz_hje.out |
| Size | 607.0B |
| Processes | 1508 (powershell.exe) |
| Type | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
| MD5 | 16d6122b9a22df64c3fac2714aeb7de3 |
| SHA1 | 683a3939aa1fbcf0dc1dbdd2ff62ba8aeb4b1d7e |
| SHA256 | c5fc447a41d689c0e7ee410b5d741ed09d850f1a146ccb97da14445930ec2beb |
| CRC32 | 37EE9FF3 |
| ssdeep | 12:K4OLM9nzR37LvXOLMknPAE2xOLMNOKai31bIKIMBj6I5BFR5y:K+9nzd3BknIE2nNOKai31bIKIMl6I5Da |
| Yara | None matched |
| VirusTotal | Search for analysis |