Extracted

• • Target

    f193bfc26d4a4bf50276a27a873fd0f7941b10b6306ee515bf1f786dce2a4d76.vbs

  • Size

    207KB

  • MD5

    73c5fd4481680b69e0ea300744e85e86

  • SHA1

    42eda1ad2cd18b0a34451951728d76b90c9f07b6

  • SHA256

    f193bfc26d4a4bf50276a27a873fd0f7941b10b6306ee515bf1f786dce2a4d76

  • SHA512

    f905e540102e6bc414a24121d03a279642f5cc54b4db4ca60a2f808864121efdb7e38d6e6b73f42211c4b31493bcec215b2ee82eefcba30d70500221320ada10

  • SSDEEP

    3072:uts8tNWXiaaEoI0YkeRIqkkJgt5pNGwz4LQqDlSEq+zVTcb6alYWdyx:Csmyiaas/SEqGk6aRyx

  Score

  10^/10

  execution

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2