|
Hash | Hash Value |
|---|---|
| MD5 | ad88c51e409c563ca0886c9913250978
|
| Sha1 | ff88268e3c48cedad7590af211b9f9e875b1f45c
|
| Sha256 | 1ae3af7517c66182b3ca64e025c4b9b74add830a7a2fc06c41914c6df17581f9
|
| Sha384 | 29703fbbc078d40ebca08906b45d4b032080da7ca82ee654ce79be35aa7c82a70711e1eb5a6a3d31f4fcc87734f0cde9
|
| Sha512 | 63f23ffc5c1a7f1caee6368e1904c328f5938bd827f27542da950774070bfc17a2397746e7acaac866e10a0a5592b299c83c82c29a4bc205e89cf21519c12335
|
| SSDeep | 192:X40np3Ih8ySzJWt6PFCHMzG3gyLiiKGw0DJGMLtg98:24JYsCHQWq8
|
| TLSH | B0F1EA29DA50929E4363327D08996C09B2DE812FC3612E54F51CB4F0AF8516DCFB4BF6
|
|
Name0 | Value |
|---|---|
| Deobfuscated PowerShell | Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_OjRYuU") | Select-Object -ExpandProperty "#shadow_OjRYuU")))) |
| Deobfuscated PowerShell | Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_OjRYuU") | Select-Object -ExpandProperty "#shadow_OjRYuU")))) |
| Deobfuscated PowerShell | Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_CqDSyW") | Select-Object -ExpandProperty "#shadow_CqDSyW")))) |
| Deobfuscated PowerShell | Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_CqDSyW") | Select-Object -ExpandProperty "#shadow_CqDSyW")))) |
|
Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_OjRYuU") | Select-Object -ExpandProperty "#shadow_OjRYuU")))) Malicious |
ad88c51e409c563ca0886c9913250978 > [Base64-Block] |
| Deobfuscated PowerShell | Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_OjRYuU") | Select-Object -ExpandProperty "#shadow_OjRYuU")))) Malicious |
ad88c51e409c563ca0886c9913250978 > [Base64-Block] > [Deobfuscated PS] |
| Deobfuscated PowerShell | Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_CqDSyW") | Select-Object -ExpandProperty "#shadow_CqDSyW")))) Malicious |
ad88c51e409c563ca0886c9913250978 > [Base64-Block] |
| Deobfuscated PowerShell | Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_CqDSyW") | Select-Object -ExpandProperty "#shadow_CqDSyW")))) Malicious |
ad88c51e409c563ca0886c9913250978 > [Base64-Block] > [Deobfuscated PS] |