General Info

URL

http://www.gvgdevelopers.com/K2DevGuide/zip/cs-script.zip

Full analysis
https://app.any.run/tasks/b222d3c9-9a7e-431b-a2a2-eeac69b3e969
Verdict
Malicious activity
Analysis date
7/18/2019, 10:33:32
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

opendir

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • csws.exe (PID: 932)
  • cswscript.exe (PID: 3548)
Loads dropped or rewritten executable
  • SearchProtocolHost.exe (PID: 2564)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 1072)
Manual execution by user
  • csws.exe (PID: 932)
  • cswscript.exe (PID: 3548)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3760)
  • iexplore.exe (PID: 3452)
Application launched itself
  • iexplore.exe (PID: 3760)
Changes internet zones settings
  • iexplore.exe (PID: 3760)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
39
Monitored processes
6
Malicious processes
3
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe winrar.exe searchprotocolhost.exe no specs cswscript.exe no specs csws.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2564
CMD
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path
C:\Windows\System32\SearchProtocolHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Search Protocol Host
Version
7.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\tquery.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msshooks.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msidle.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mssph.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\authz.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\acppage.dll
c:\windows\system32\version.dll
c:\users\admin\desktop\cs-script\samples\swshell.dll
c:\users\admin\desktop\cs-script\samples\remoting\companylists.dll
c:\windows\system32\notepad.exe
c:\users\admin\desktop\cs-script\samples\msxml2.dll
c:\users\admin\desktop\cs-script\samples\hosting\referencing\vs2008 project\externalasm.dll
c:\users\admin\desktop\cs-script\samples\hosting\referencing\vs2008 project\csscriptlibrary.v3.5.dll
c:\users\admin\desktop\cs-script\samples\hosting\referencing\vs2008 project\csscriptlibrary.dll
c:\users\admin\desktop\cs-script\samples\hosting\referencing\vs2008 project\csscodeprovider.v3.5.dll
c:\users\admin\desktop\cs-script\samples\hosting\net v3.5\vs2008 project\csscriptlibrary.v3.5.dll
c:\users\admin\desktop\cs-script\lib\tools\wsdl.exe
c:\users\admin\desktop\cs-script\lib\tools\v2.0\tlbimp.exe
c:\users\admin\desktop\cs-script\lib\tools\v2.0\aximp.exe
c:\users\admin\desktop\cs-script\lib\tools\v1.1\tlbimp.exe
c:\users\admin\desktop\cs-script\lib\tools\soapsuds.exe
c:\users\admin\desktop\cs-script\lib\shellextensions\cs-script\shellext.cs.{25d84cb0-7345-11d3-a4a1-0080c8ecfed4}.dll
c:\windows\system32\msxml3r.dll
c:\users\admin\desktop\cs-script\lib\csscriptlibrary.v3.5.dll
c:\users\admin\desktop\cs-script\lib\csscriptlibrary.dll
c:\users\admin\desktop\cs-script\lib\csscodeprovider.v3.5.dll
c:\users\admin\desktop\cs-script\lib\csscodeprovider.dll
c:\users\admin\desktop\cs-script\cswscript.exe
c:\users\admin\desktop\cs-script\csws.exe
c:\users\admin\desktop\cs-script\css_config.exe
c:\users\admin\desktop\cs-script\css.exe
c:\users\admin\desktop\cs-script\cscscript.exe
c:\users\admin\desktop\cs-script\cscs.exe
c:\windows\system32\presentationhost.exe

PID
3760
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "http://www.gvgdevelopers.com/K2DevGuide/zip/cs-script.zip"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
3452
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3760 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\program files\winrar\winrar.exe

PID
1072
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BW8CI0Y\cs-script[1].zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
3548
CMD
"C:\Users\admin\Desktop\cs-script\cswscript.exe"
Path
C:\Users\admin\Desktop\cs-script\cswscript.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Galos
Description
cswscript.exe
Version
2.1.0.0
Modules
Image
c:\users\admin\desktop\cs-script\cswscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\system32\cryptbase.dll

PID
932
CMD
"C:\Users\admin\Desktop\cs-script\csws.exe"
Path
C:\Users\admin\Desktop\cs-script\csws.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Galos
Description
cswscript.exe
Version
2.1.0.0
Modules
Image
c:\users\admin\desktop\cs-script\csws.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
1433
Read events
1351
Write events
80
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2564
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2564
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
@C:\Windows\System32\acppage.dll,-6003
Windows Command Script
2564
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
@C:\Windows\system32\notepad.exe,-469
Text Document
2564
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
@C:\Windows\System32\acppage.dll,-6002
Windows Batch File
2564
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
@C:\Windows\System32\msxml3r.dll,-1
XML Document
2564
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
@C:\Windows\System32\PresentationHost.exe,-3300
Windows Markup File
3760
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000078000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{C2E1C0B9-A936-11E9-95C0-5254004A04AF}
0
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307070004001200080021003000B302
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307070004001200080021003000B302
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070700040012000800210030006E03
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
7
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070700040012000800210030007E03
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
32
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070700040012000800210030009D03
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
22
3760
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E3070700040012000800220000001D0100000000
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071820190719
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071820190719
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071820190719
CachePrefix
:2019071820190719:
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071820190719
CacheLimit
8192
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071820190719
CacheOptions
11
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019071820190719
CacheRepair
0
3452
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3452
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071820190719
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019071820190719
3452
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071820190719
CachePrefix
:2019071820190719:
3452
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071820190719
CacheLimit
8192
3452
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071820190719
CacheOptions
11
3452
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019071820190719
CacheRepair
0
1072
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
1072
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
1072
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
1072
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BW8CI0Y\cs-script[1].zip
1072
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
1072
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
1072
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
1072
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
1072
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
0
C:\Users\admin\Desktop

Files activity

Executable files
25
Suspicious files
6
Text files
213
Unknown types
3

Dropped files

PID
Process
Filename
Type
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\cswscript.exe
executable
MD5: a6d646d53e311f59589789c22b0afdd1
SHA256: b28f509c8866667893fd0dd1f6d0549523afcda92aa40b6cfb61ad195fa4eee7
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\CSSCodeProvider.v3.5.dll
executable
MD5: 2422838fdf262612e06acce380e78082
SHA256: bf986ab4b203c18a2632fd942db3bef30744878639b6059e191c3c8b84ca4555
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\VS2008 project\CSSCodeProvider.v3.5.dll
executable
MD5: 2422838fdf262612e06acce380e78082
SHA256: bf986ab4b203c18a2632fd942db3bef30744878639b6059e191c3c8b84ca4555
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\CSSCodeProvider.dll
executable
MD5: 2647398e97203fafef330bf6645f0fb1
SHA256: 6627e1e5c56b27fdaa657b220120602a2d121088c46ebc547d0d669f4640acdd
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\CSScriptLibrary.dll
executable
MD5: cc9cda4c4c9fe41a06b8e1c3f6cd985e
SHA256: 6eba33df2bba098586f8682acd74b690ea2a2b3070acbd6591779dc7cc893cc3
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\csws.exe
executable
MD5: a6d646d53e311f59589789c22b0afdd1
SHA256: b28f509c8866667893fd0dd1f6d0549523afcda92aa40b6cfb61ad195fa4eee7
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\VS2008 project\ExternalAsm.dll
executable
MD5: 4fff0fd297696b3590a6f605c45d78f6
SHA256: 8c8b7bf3525e8aefcdde97660bc0c95a8740ba451a8da5bc2babe209e5b0deaa
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\css_config.exe
executable
MD5: 2664e0e4b8632467dfa2ee368ebecf9f
SHA256: eb07c49a58fff0b5a0dc4587c1b78e82772df3f5087bb622296db7b5133a3d92
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\VS2008 project\CSScriptLibrary.v3.5.dll
executable
MD5: 15e7444a3b436be534982b98c01e4e4c
SHA256: 537df466d44f1e200a15a49bb26f61aa96b816122931b63a2246c4fbce6af33f
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\cscs.exe
executable
MD5: 2b084e156509cb4241a90399defae48d
SHA256: 065d89f1cf4620da664a8449e876b57f9760cd90be8ad274194066825842aefc
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\CSScriptLibrary.v3.5.dll
executable
MD5: f042b12a4b7d6b63930514d5ec8126d1
SHA256: 67bbb5de9edbb640d4c97887b5e85ffe5c26771bc6f1c830b11b4a5e09d0617e
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Msxml2.dll
executable
MD5: 48d745266a2dbe5534174cb09d95af22
SHA256: b66c3c71c62bea8af59acd64a86fd4e1bd21d8e8e70fdef9125e93f8af119bab
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\ShellExt.cs.{25D84CB0-7345-11D3-A4A1-0080C8ECFED4}.dll
executable
MD5: d574ee5e011f507ded51ded8acb505a5
SHA256: d428f65e421583a73ed4e1baf5d9cad57a97f42fc6ac1a5e6e783f4de4709a8b
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\cscscript.exe
executable
MD5: 2b084e156509cb4241a90399defae48d
SHA256: 065d89f1cf4620da664a8449e876b57f9760cd90be8ad274194066825842aefc
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\ShellExt64.cs.{25D84CB0-7345-11D3-A4A1-0080C8ECFED4}.dll
executable
MD5: 3a1891c96f6feabf4549af0aab56ed84
SHA256: 031af356c53260ae65eae22b8511573c9ff1eb384545fa93af74bc952af54260
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Remoting\CompanyLists.dll
executable
MD5: 6f3ee09915c3770c22cba8861c5bbc4d
SHA256: adf1191ef165e050590891dea8ee768636f81e9eb6bda3398030bcbfec047ca8
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Net v3.5\VS2008 project\CSScriptLibrary.v3.5.dll
executable
MD5: f042b12a4b7d6b63930514d5ec8126d1
SHA256: 67bbb5de9edbb640d4c97887b5e85ffe5c26771bc6f1c830b11b4a5e09d0617e
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\css.exe
executable
MD5: 2677206643fcb3f1e1bcc5574800d787
SHA256: 96252b0c5dc35279b097ed9677dcf23ab3461a2c51f5fa7d7a7f583473c530d4
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Tools\wsdl.exe
executable
MD5: 5bc2fe860d9d9497b3295a2e1cab24f0
SHA256: 73df215b38e0998322e8c871b8b13ba9bea7e61ed413561d8157ab245fefc232
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\swshell.dll
executable
MD5: 77fcf5aa004d8e7e76a583e6310bd6c1
SHA256: 5d86d78c6c6436b3e8f7379584b9aa6a0f8dda5aa530d4cbfc444b38e139239a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Tools\v1.1\TlbImp.exe
executable
MD5: e6b96ea8ff7b6a4a56d13a8b15e9e2e4
SHA256: fc80921eb456b258efbf1c3b2d52589cb1d1bd5f71bf305a847fb0f28b94d73e
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Tools\SoapSuds.exe
executable
MD5: ed6b677cfecd52072b93ab3be470a39a
SHA256: 11b17cc3ca54c26340c3337c09599b8736e6b49780628af3ebc79a918e156410
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Tools\v2.0\AxImp.exe
executable
MD5: c09d5142fdfafe1b78f816f9b05dab1b
SHA256: db1760a4b43744f4d583a0fa4e6b380a4bd5582afe6600be91037171071b85d9
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Tools\v2.0\TlbImp.exe
executable
MD5: 477a84247145ad7437ea1db5dc609a22
SHA256: 2b358c4a5e288bd97074e5c90111ffe425dc60b07bebe5d063b20c105ba0c8c0
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\VS2008 project\CSScriptLibrary.dll
executable
MD5: cc9cda4c4c9fe41a06b8e1c3f6cd985e
SHA256: 6eba33df2bba098586f8682acd74b690ea2a2b3070acbd6591779dc7cc893cc3
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\18.Configuration....cmd
text
MD5: 0b3f5963617183e6b146209cf0ac39af
SHA256: 39085b65467e9524564c637c72a77f6d462400268d30cd8d00d7986a85ecfc0e
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\WWF\MsgBoxActivity.cs
text
MD5: 53298bf663fb40fd8d65169deab7709e
SHA256: 6c42dbe31462e2813d175fbe7aecbf75f2134533e4d48a2892904a6ac1efbbb2
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\print.cs
text
MD5: 5b7084530243bb3d7ee8719bd9963f89
SHA256: b9e6c3b52b7726d2ee74436856f7e2704b3a915ca2f375137f2e6c6f5310e3be
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\printScreen.cs
text
MD5: bfeb86bea496b287352e702f280a6a1e
SHA256: 32e48626c55a3d514d54d82422bf1187d9df14626b412f0401ad7f7ff33e3ec1
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\msxml.cs
text
MD5: 3c60c98a52cd78e48262ab92f28a2745
SHA256: 5f7b076d37e7473644f2d7c892673d860a957a544359cd7b923878937f1dadbf
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Progressbar.cs
text
MD5: f3a56063270443153c3bd748509b85b1
SHA256: a62007f4aeadefb217bede92ed9247debbf960a51f69beb1e7b4f7afd7a6401c
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\nkill.cs
text
MD5: ded8406ac20ad98d4a42b929009623af
SHA256: b734bbe46a8361daa9a477c447f7b962f1810ec00b7aa66afef6c0bced5b7f7e
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\WWF\HelloWorld.cs
text
MD5: 166635b4fb5cd1ca57087a4ccca19d23
SHA256: a1d0ce20d8f6ca323213df0e2624e6337afb9d849c0e48b7686734079043a6b0
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Macros\precompile.cs
text
MD5: f3dbcaaca5ba49168ba89b6aee283b85
SHA256: 235e4a206115547c34ed8cd5852102fe83c13fd6c1652fefde7703016410a0ae
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Macros\script_simple.cs
text
MD5: c1474bed6c77896651403235e5304c91
SHA256: d6811b5f2ba317f6615cc0cb8b0d10dc60fe69dd4cc1627659511ed26d441b77
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Macros\script.cs
text
MD5: 97c92b6fd96899fdbd0d23f5137087dd
SHA256: b3512359ad5898dd05b2809dae0e404011c305208bfe2264d448c42e8463e69f
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\VS2008 project\Host.sln
text
MD5: 14e4859fc125a9ec00007331b983daf1
SHA256: 18220490d893c45f42c3050ae6f4f40123cb52b97afef3ad0139c93aa53e3151
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\importData.cs
text
MD5: 9424aa0af729be780f1e292513212346
SHA256: f7056bf8031539b23797886e795f8f078cdaa39303747d8bfd34d293b246bfb4
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\VS2008 project\Host.cs
text
MD5: 9ac95e7285a1588eb12588f3cff94cfe
SHA256: 1c6c0dc31360ce8cfcff093f4daef5ee754ef3c08df1c37d4a1809ab1cead32c
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\VS2008 project\Host.csproj
xml
MD5: 24297b95d27cc20a29f2b707a05375a4
SHA256: 0bac07505e0efeeba181f357af902435d9ebe76e14dc0d9acdbfebb0773740fb
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\importTickScript.cs
text
MD5: 1f250e60945ec9eb0a7ee17182ddc406
SHA256: 31512fced9e7cb1f50d4ac76fa6eed4c909c18cdb5cd3ec98d3414355c8f3872
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\WPF\Hello.xaml
text
MD5: 053cf06565ff5198b2884043666c4f62
SHA256: 60a0642602d977615e3bd1c20d68732420b023f118f3ee5e943e4ea3ce15ce50
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\WCF\client.cs
text
MD5: d4cd7d43cc861416ac235db421a90424
SHA256: 2c1c65f31a15c0dc83aab28c96155c4e65e2875d7681536edd5365234d120c56
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\VS2008 project\Script.cs
text
MD5: 3d06662e0a68a2b36186eeec64fccea4
SHA256: 4d54bfbcd7bdfea3adbec2d262ce716fa7016eb7fa4a120a92c4cd8da9cf0d71
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\VS2008 project\Host.csproj.user
text
MD5: ec062cf1b19adcc07963f1dcb28dfecf
SHA256: c9137f39b5cb357d6bcedc00a0b63c4dab19386e413699d2f204a0491252c4dd
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\runAsApp.cmd
text
MD5: 51cf07e25581a962e92fc6bc13e7a070
SHA256: 8e4065db2897023c5ce67d8e3da45e4cdfef3a7349da3a9b630ef065e558c08a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\readme.txt
text
MD5: 5ac120d0d3083d71ca81a0f2091e424e
SHA256: 529c168f2d7fef504dd902cb74751fb815fd869dc2f0c310c66746bae6d6a65d
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\WCF\service.cs.config
xml
MD5: 9494f211559bf47c05f03a3aa15361f2
SHA256: cea44d756f944f0fd38ff129bce10da8f2124b003ae89a42143247dac21621b9
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\VS2008 project\AssemblyInfo.cs
text
MD5: 34b6a40aab1f520f2bb655cb52dc1744
SHA256: ccf1b1ed80b2f6b0078b8191fd764fc9b1d797cead611f4a6ce62c30224d3dbc
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\Host.cs
text
MD5: f2c1df3a4e131c0ddb72a5cc2e3e0b75
SHA256: 3a1608ce0878b76b91e2854c33ce0b87f106ae3e53d9feeda7fa4cbff743317c
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\WCF\service.cs
text
MD5: a8c1d3e3fa04af4eaaa23069a7cb758f
SHA256: 961e051d9a9b078d932f7eb6e78ab88c2a674e5c7f9b990218af09f99b19d96d
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\runAsScript.cmd
text
MD5: 80cb1a70660a8a1c6250db12851875a6
SHA256: f5812682b611c774e6a5a72f5bce2a64a28714349a3d67cb673041685f522bf2
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\Script.cs
text
MD5: 3d06662e0a68a2b36186eeec64fccea4
SHA256: 4d54bfbcd7bdfea3adbec2d262ce716fa7016eb7fa4a120a92c4cd8da9cf0d71
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Net v3.5\VS2008 project\Host.sln
text
MD5: 14e4859fc125a9ec00007331b983daf1
SHA256: 18220490d893c45f42c3050ae6f4f40123cb52b97afef3ad0139c93aa53e3151
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\WebService\Hosting CS-Script in WebService\WebService1.zip
compressed
MD5: d9ce3c2562eec5a40eaa79e1aca5ecc7
SHA256: ce25e518dd929e1d6397696846dd2a505df63dc360f544ffc200ce3ca42d0113
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Referencing\ExternalAsm.cs
text
MD5: ef9c77f2928cd47657b3d3a2fe7414f9
SHA256: ff98431352d8d596b102023cc9dd8acfe720e1fd072a5e269bfa30e240c674e4
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Net v3.5\VS2008 project\Host.cs
text
MD5: 6ef8b7d05b01db18e1d5cc0f32ca30e2
SHA256: ed199fc9143a64b17973dc87186f00ffd50449d4e4eaed07827c2389b5acb979
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Net v3.5\VS2008 project\Host.csproj
xml
MD5: 7ecbc5dd0935c74ee219fbdbec1a9c99
SHA256: bf5d47e089362a33c6d36fb5de2da93aabc84d41957fb32a92d14f038d80079c
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Net v3.5\Script.cs
text
MD5: 2253c6203fb8e535f87384aa6915f274
SHA256: b677651c5d5679e21e9a2277bc8a234dbd0b3d3312ae5b7fd41327349030bf6b
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\HostingWithInterfaces\runAsApp.cmd
text
MD5: 99b57f94026389defef0e2c20405577a
SHA256: c582198d01f5b8228d7a33fedd7caf2086376f3f4eed5318ffc5a068e7f3d177
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Net v3.5\VS2008 project\AssemblyInfo.cs
text
MD5: 34b6a40aab1f520f2bb655cb52dc1744
SHA256: ccf1b1ed80b2f6b0078b8191fd764fc9b1d797cead611f4a6ce62c30224d3dbc
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\HostingWithInterfaces\readme.txt
text
MD5: 0cdd3c5053de0beff9ddd6b547d459f2
SHA256: 158b94879708d0399595bbdac46bdfa544972a6ca1cb45b742807ffc11bc19cc
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\HostingWithInterfaces\Script.cs
text
MD5: a54d0770e8ad38ebe9d0a7e77b83253e
SHA256: 220ee4836ad43bfb52bd116e29bc98fdc090a2aa6fa1f4be7f9f773af518d1e1
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\HostingWithInterfaces\runAsScript.cmd
text
MD5: 09a52ac69890828e1074e4c26e25378b
SHA256: 8cff3e172e7effadf77be97491f558de59b3cf1b1128b5a6e857e442cbb9ebe9
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Net v3.5\runAsApp.cmd
text
MD5: 4d53c2313037e06da424743cdb1dd72d
SHA256: b423972c69a278ee461a0aacb2550e31994da793d528312dac16d536a2bfea65
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Net v3.5\runAsScript.cmd
text
MD5: 950556082cd83b0b25a344c79cd74cb9
SHA256: 9136bbacc344751bf94e4bb33685bd457fcfd87abcff5ac865a1c45625bd5e1b
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Net v3.5\Host.cs
text
MD5: b24f17f04963044c59ae8d854aaf9f62
SHA256: 8139616452b55a517d43c63a1229dd2fd2a6f0ee3e58187fab928cad707108ed
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\Net v3.5\readme.txt
text
MD5: 1afe9f728dfa4fb99e567b6b811a0985
SHA256: ec7c08428b8465cb39f9405bf601aa48dfdfa8bf11104371671e1e4582c9b196
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\HostingSimplified\readme.txt
text
MD5: 686e6c98da109068c987cc3993de4339
SHA256: 45afdba1e1d082f149d74c0da02bff90cf2128897224f36ff7512393fa73d3e6
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\HostingWithInterfaces\Host.cs
text
MD5: 268c8319d7fa46219a56823d0949bb66
SHA256: e50f5674507564244f858db0c0c42c11de009db9df8dd4a5f53ec35075d9165d
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\HostingSimplified\Script.cs
text
MD5: fa550348c98791c4249c905db1a1a423
SHA256: 6db5c22850ba55f791670e29e0e59173a546b05f28c99a64545118805e809547
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\HostingSimplified\runAsScript.cmd
text
MD5: 09a52ac69890828e1074e4c26e25378b
SHA256: 8cff3e172e7effadf77be97491f558de59b3cf1b1128b5a6e857e442cbb9ebe9
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\HostingSimplified\Hello.cs
text
MD5: 9ab803a043502e629775bcbafd49f5eb
SHA256: 56817de0d8266423c8ebba3530500a4ae9667350aa3911e8ae44f7bb71407ca5
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\HostingSimplified\Host.cs
text
MD5: 27e783e349c9e023b984f841b82425db
SHA256: 160b22b96be2a1872f99a37730ad342a0afe682a83f81a93b5e2f69c9b9658bc
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Hosting\HostingSimplified\runAsApp.cmd
text
MD5: 99b57f94026389defef0e2c20405577a
SHA256: c582198d01f5b8228d7a33fedd7caf2086376f3f4eed5318ffc5a068e7f3d177
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\GoogleSearchService.cs
text
MD5: d992ff2cadd93a558cde8b1b355d45ef
SHA256: 3d91d2bc22677cd515343c9447930b88e14612e5b8574cb8c87c48d1dc769a08
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\hello.cpp
text
MD5: 586a9357823c0383ffa964c1823e7668
SHA256: dfb328148c195adcc43a76b951e67cabf2d48a0be7e222049ecb8fd0bf32be2e
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\getUrl.cs
text
MD5: 32074952d70c4fa28eb01ff06891319e
SHA256: 9822d1cde0519a02668b77725188818c3c13381789adeaaebfd6eebc6bf9c1a7
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\googleWebService.cs
text
MD5: 7cb54ad6c29f7c81ba689b967d212dc2
SHA256: 7d601bce539b56a938731a3a3dd361bb9f3a6ae7ed5a6a8c66d83ece8afef5c9
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\GetOptusUsage.cs
text
MD5: 7af372510f465e922e4930c6669c5b0f
SHA256: f545950ccd276c103ea18041bbe0dba720b394bd1521f3b9cb9bd1fb3f01f0cf
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\google.cs
text
MD5: 5a2d34440140078ffb32cb243121766b
SHA256: f2181449d98d877357b0bd90bff6121ac70fa8fadfda1c9b222e00197510622c
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\hello.cs
text
MD5: 880ec71ebfdebd68f0009a5cbff4d414
SHA256: 12366d909b1560c2f0d7e0f6f947f399521822e807db2b0b0dbb2e9ab9b5b96a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Code.cs
text
MD5: c1053094ea45c73e116487616f6a6869
SHA256: 0482a6cd41d77dd5de875af9aa6b1937a99f236e3cab512f279c9fd356891ee5
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\exportData.cs
text
MD5: b0324533a96399a6d12a6a6ceb4c34c0
SHA256: d8d19940ac687958f1a09c8164cecca494df71b83714f8134f33bacaea793c61
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\wpf.includes.cs
text
MD5: a9ee894ccae1db889068529fd95b36f2
SHA256: 0235a6a5c0754534ce11438aa0372757d4a17bc554812c5ea347e1401aaa64d0
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\ReleaseNotes.txt
text
MD5: ea56624fdce638180e4175787896f13c
SHA256: 1b27aee2e5321da68c57bf673c7d0b854b0eb3ef53451fe80f4c0c9f103a5234
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\wsdl.cs
text
MD5: 2b8a58279c773b6ce760ecb7a976f704
SHA256: 894ad0a29c27e6943c629e974464ad52eb9c948a241fa1a4c9d313b8523092b2
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\wwf.includes.cs
text
MD5: 1ec19ffc9c40a8cc35f5737ec19c2d31
SHA256: 00f3a78689da6b879fa0f6ecd088c8030a23d0735d704a2aa2421de128d16c87
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\cutfile.cs
text
MD5: 74827be472e1557e036792b7f5b6a0e9
SHA256: 2dee31b6e9efd0da574484cf4b96cc520c8b8d0da29af169858d363f79796b90
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\readme.txt
text
MD5: 3145c718b9317adc4a1d6be38dbac128
SHA256: 47cd1ea311fbedf614f2f324779425f02be439138c1fd95b8925423d2fcd7f95
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\verify.cs
text
MD5: 369ce8cb2094e9dde8b854eefa241128
SHA256: 1f1aa200635d711be4b16a1f358d39610ae384058506cf30744fb1ab85fe6756
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\who.cs
text
MD5: a35fbb30b0a29c052c425201ddcc6c88
SHA256: 068f0cfe86a42fa32c71e94d4bcfbe39ed99114419fcea8f2a6682bfbbb739b0
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ver.cs
text
MD5: c13db955e38ca474677653b7aadd403c
SHA256: cc4bbe4c8f6d6d02355a64347fff3c00a9274ecebb33a2107419e166f6a32101
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\WebScript.cs
text
MD5: ae851a277c223e147cd4bb9ab7cd1fe5
SHA256: f9c275948d496f23b29b928603d6a3f87d3f39dc7aa192a54c1d50e4d1020c25
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\vista.cs
text
MD5: 31d2f0cc88e8f5292a42c027eb7b5732
SHA256: 5a79741e74bbb12e28cad9f3bb75ae100395dbe2975a2398438792b072fd84df
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\which.cs
text
MD5: 80023bd81c523582177adb3ec41fa553
SHA256: 9431bd0cf5fcf9efdee13a768f37141e34e4e7ddf9c1679fc71b3381f0babc3b
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\VSAddIn.cs
text
MD5: 73f5cac07650d55a618d7c16f0ded075
SHA256: 8a627d84bee07cedd9704f5c3813b89e5d05d297ca8ff67b06f48fb38cdc4046
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\verify2.cs
text
MD5: e1d5124673f1b6c2cd163304afb84d7b
SHA256: df299542b5e8457e4890053cedef1ce5609defc66885c95338e5247c37ac22d3
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\update.cs
text
MD5: 57c9ce06316af3b1f5a1b466153be221
SHA256: d42423734af23528e2ecea6e5ec4aff4d21f777aafb2ed36bfd86f651b2ea242
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\VSintegration.cs
text
MD5: 47354c9603af75764893102df1373362
SHA256: 3d1627b703b6b381f44e9aa8adb8524a6a9e6bc2175a453f557308a428310f04
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Vista\VistaUAC_code.cs
text
MD5: 49148e8b8a8526fce8bd8efeb043385d
SHA256: 47f5c6f332ffcb9a11de41af6ffd689a9a3dc7f624176e93fdbe6d7e76cd8196
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Vista\VistaUAC_command-line.cmd
text
MD5: c6f5d14d00a47f7fd61fa3e263fe8b6e
SHA256: 44cac7e33d83c7855c43afd6b01fc26fe54937ccf335c16df2de01dcc3019454
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Vista\VistaUAC_command-line.cs
text
MD5: 1be935b68cdf9d449d1cdd0ca04a29c8
SHA256: 5386bcfeee04d175d8b44ca76adc871a91de3c03690a7d51147cc811a336e67f
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\startElevated.cs
html
MD5: 7b878916eff9c6ffb11df9cd4685412c
SHA256: 25475e6cdb6b852aac3bf0cd30ee4a1e07482465ab95522f99fcdef0a9927dbd
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Vista\VistaUAC_pre-script.cs
text
MD5: 242e4ddd3aa26f659c9be0096d8c5bac
SHA256: e4a044c2c31a7cd2e14d1d7315b2f6ba2eacd1cb8d113cca919fd09e34e0cda0
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\SetEV.cs
text
MD5: 3df6ca372181474f2d472f7b83e8443c
SHA256: 71ba655e160f5510fd332e060b2b3bb91d9fd5afe856a5612f3f896586f01822
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\soapsuds.cs
text
MD5: 13902f06aed7bdf2c4dd88a37a6f5e2a
SHA256: 223afc639643c49103f0ea2d14fddbefe578737bf59e7983f115f15e2921665c
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\shortname.cs
text
MD5: 0b274b58e0cc6deb21e924b4fdc3e50c
SHA256: b87502524499421d67abdb97e7f1f13341a381dcd33297e7b8fccd8f021aeae2
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\install .bat
text
MD5: 12bef2e63bc620190fe0baf74f4b6658
SHA256: 578b1874e04ef236ad94aacf46290456b8e9155706b5048c7567800dd95d3ce5
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\runScript.cs
text
MD5: 246087a7cb269eabf688647f8451beae
SHA256: 1b15f3b9a2e8f17d4ddac24cb2e668111e0dfafdf920bb49e7455d73022211f3
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\uninstall.bat
text
MD5: 51554f1274ce9a872878ae90ddc1a9b6
SHA256: e7027b937bf3778f4d45effc8b3c82920bb1d2723ad74f99cc7f55ea64ed1229
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\SimpleEncryption.cs
text
MD5: c007de3e2c967ce6f667fe1d35f489c6
SHA256: 86e4d20464c1339555ca48f99d624547bd85ecca44bf563cdad751371adba6bb
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\SMTPMailTo.cs
text
MD5: 50dd8e051ab5b4b3feb5bd813f00eca9
SHA256: 1f9ae8ae3bed76e822550194ee67e4a40667c652ea8b4b9be358dedfacf8bcbe
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\custom.png
image
MD5: e9b1b8b6c67bb41b4ba6bd550dad5aac
SHA256: eb1372e200e6936142623d233c3bd1d3867b0094e7575ada5e8f8f01f317c477
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\SMTPMailTo.cs
text
MD5: 7bc4f6630cbc88d10b50971186a198e6
SHA256: ed4ca8f9ecd060b66d46687f0eed6a1bed6666039c833561e0548a5d6c949dae
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\26.Compile to\10.DLL (debug).c.cmd
text
MD5: e3e6d823a3d9d58bb9363d2b16e5e8e5
SHA256: 8d1a42e66bb7b315e4b7716bb5edb72cfed298965c4a40c221c7ef20558378b0
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\26.Compile to\08.EXE (debug).c.cmd
text
MD5: 7c9c6d527394b93f016bc0be8f3953c8
SHA256: 22c38682a9e67a2f558662939e44e4ac1c3a8f29c88d411735cd3fe656dc0bd6
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\26.Compile to\00.EXE.c.cmd
text
MD5: c080acf25124fea3bcb6aaf8343475ec
SHA256: a9ca109b2872160cd839c99837c7b76b2e6fe61fcbab3e37fb79df4991713855
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\26.Compile to\06.separator
text
MD5: a0f0bc95016c862498bbad29d1f4d9d4
SHA256: 080856f98d1eb14b814733d0c19b1af3161009c39e8e44ac79fe80a05b94f425
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\24.Convert to\06.Executable Shortcut.cmd
text
MD5: 546621f15fea6568060c45378fe9349f
SHA256: f49b8863a628240f85380f292378355686a2d0c37681a707225939fac73470ed
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\24.Convert to\04.VS2008 project.c.cmd
text
MD5: 5898ce9bf9e9fbb3995e1c4346ed6b85
SHA256: 9ff1733a8bd20957615dcb88993b5ccf24b042408c1171f214e525c699392a20
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\26.Compile to\02.EXE (console).c.cmd
text
MD5: d196dfa2f73d472331898ce8a15cdaa3
SHA256: 54f00fd462a98ec3065335fe0910a970fbe735e430a54d87f95b09cef8c40ad5
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\CS-Script.7z
compressed
MD5: a9e5cbbede27815a2d513a39915d8c43
SHA256: 1cf5d9012e6b949b460e0ae82687523651a4f6c95375d12f988b5849a42dc058
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\24.Convert to\08.Executable Shortcut (console).cmd
text
MD5: 27c936301784687b989da1f58df94aab
SHA256: 041b7ee2f15424ea09dea47020d1b85017f8bc98a4810eda3c3722d93e323852
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\26.Compile to\04.DLL.c.cmd
text
MD5: 231311007f5e217f924ef81dcf0f8d0e
SHA256: bedaf4ae62db538fe9fdd39e19d14ba0566a902dd6597de4fbf556136c2ced51
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\14.Verify.c.cmd
text
MD5: 106b712a0edfd78fcf1f4f3a4940feb2
SHA256: d245970990d2b73a73461e794c3697e81f588c9b0c066306233c83576c54e2f0
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
––
MD5:  ––
SHA256:  ––
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\20.separator
text
MD5: 554dd1333a21d5df4bc7e7aa46514db6
SHA256: 343e87920d921ee70dbd629769dde1a67b88c8b33158d903241c03b8d0e9408a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\22.Advanced\02.New WinForm script.cmd
text
MD5: f68b515275226ad4dfe47d570165b548
SHA256: 52e24ff84e80d7381e39f884e0e555b7a5b80a3fd620b7184b05c79c7215fa8a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\16.separator
text
MD5: 554dd1333a21d5df4bc7e7aa46514db6
SHA256: 343e87920d921ee70dbd629769dde1a67b88c8b33158d903241c03b8d0e9408a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\24.Convert to\02.VS2005 project.c.cmd
text
MD5: 31560b649b32c66bed491d895920fe4c
SHA256: 204db69d56d6d3b242dd24a90768686421fcad179e66b62014f98273db3ca76d
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\22.Advanced\00.Open cache directory.cmd
text
MD5: c1d40ae0566cca1b628cb21aae0224d9
SHA256: d4fdd65f5a5619f02b79f147d4fcb8a2bcc2287e281b29d621cdb077b634ed77
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\24.Convert to\00.VS2003 project.c.cmd
text
MD5: dd2cfc28642b110b41a9f6d9f5fa3236
SHA256: b7ec68b2118e98ce9efe7f4d6d1fc1f856aa9af38cbdf781c691c91032d736b9
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\10.Debug Script.c.cmd
text
MD5: d108e43faeaa2fdd9491ea69af62a172
SHA256: c72674d040a3c9930f91620e63874ff68e95ee295675ee0268f59742fb180aea
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\02.Open with VS2005.cmd
text
MD5: 2acc4898995f42c7f6776ee46e7e066b
SHA256: 192fb461fcd93cb266843231bb75808887674813bb098433fb7ff2e37769cd39
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\06.Run.cmd
text
MD5: 954c204fb19c4c98410ef2b99f8edc92
SHA256: 90f70c347761404331e47cb7da359f472456ee5588805c5caee62a7b8430e33c
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\00.Open with VS2008.cmd
text
MD5: 87ab69e21ef4a6b18847a1022a9a0a4a
SHA256: a2e0fb9f7cb4920c9bc7dade9acf0e5e4f306e078838ea34ea3eab573d37e1e0
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\12.separator
text
MD5: 554dd1333a21d5df4bc7e7aa46514db6
SHA256: 343e87920d921ee70dbd629769dde1a67b88c8b33158d903241c03b8d0e9408a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\08.Run (console).c.cmd
text
MD5: 9e636d71591295105be73dc53e30b9db
SHA256: 037b7fe0b830527884369612eb828f264d56c7319f37e6f4effe46a9ccefc68b
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ShellExtensions\CS-Script\04.separator
text
MD5: 554dd1333a21d5df4bc7e7aa46514db6
SHA256: 343e87920d921ee70dbd629769dde1a67b88c8b33158d903241c03b8d0e9408a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\runas.cs
text
MD5: bfab6ed938c275710f3f7ad644e160d9
SHA256: ff1c54f56ce8c7c45be785138af96f4a01df3887b7f19d871f3e19601fd6d1a7
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\shellExt.net1.cs
text
MD5: 87005140e8370eeb43a591862367e5d9
SHA256: 7dbde170a04daba1f5e33b81db3e3620604d3482cb6d8522a378ab60f5ac9b67
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\resources.template
binary
MD5: d85fe5b9a2e22066b1d7dc89c16ee527
SHA256: a3237a994521c1904b0367691fdafc8b4b309371b845157bd149f27b53849d76
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\sample.cs
text
MD5: ceb43c0dd43afa315525bc8ef7664428
SHA256: b2190ffdd20133fc45065a2cbae94a652bc02f10ccd1767cd964738c2f9964a9
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\shellExt.cs
text
MD5: ed0a39ac8682dddd8350474b742b8d6b
SHA256: 91264a738896e872afc12ba42f2c119616e111da53316e91248b3ee568edfb76
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\searchDirs.cs
text
MD5: 6495f1e9dbe98774b533d4d25f2031ff
SHA256: 901a8643f670329f9242f6d2a8eebd4c910919c081d18fcbc2753fdaeb9b0ca9
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\scramble.cs
text
MD5: d2fb0b5d30995e646a3d93150ab5dc10
SHA256: 3d0c876bbf5d70dbf6579624df0ebb77bea6cf168777b4c1828840bd4a24cbe9
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\precompile.default.cs
text
MD5: 913126a0a1e55bec0e064c4e4a09e907
SHA256: c9d92b573b31b3cb72f158104c46957dabe2b67ec1b24c2ef6124261ff539c48
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\precompile.part.cs
text
MD5: c05560a3fe91e452e3a66792f39f230c
SHA256: 6012c235b348ca4f9714e56857b9151c96249d96e8ab2c4595c5918b1df20f99
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\libhelp.cs
text
MD5: 8fa1ea0c2ecf84b806045bf5659bc086
SHA256: 10290548e34b2a7eaf9fb22d8f94766589fce58c9fef1682fff60d9cf6556cb3
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\reflect.cs
text
MD5: 2d821f1f8729ebce0b5689d39f0c39fe
SHA256: fbb182c23816a704697f8e026eff39d681b3e03a75b76addfaa08b813d928fa3
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\linq.includes.cs
text
MD5: 46ee8bfd1e3e8eed30db69221a5fa268
SHA256: 1c60bda6dcaaa91f81a9ac370f8263cc798a60736c70e4dffbf46888a6228377
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\print.cs
text
MD5: 0eec2e587d6ebdfe36c4a9907805d805
SHA256: 9d030128f0bbd2036bd061b42cd4fa2343e78c37244929269046108d42bab49c
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\new_script.template
text
MD5: b4f5894c1bc1b452ed5cd9d766b27dc5
SHA256: f26696c67f8c0637ad49d8d953b647b24cc4fe7320067508ea69e55c9913946a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\refreshVSProj.cs
text
MD5: c365b976e35abaebfbadb50279ce2cce
SHA256: 6f6e2a9f866f5e76014521cd9e331f3989ec1c5d5d64419a66442645bafc26d0
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\netpath.cs
text
MD5: 2d46a70b863c2de2de6cfd021f68e838
SHA256: 14e7afe9c747c1f14a4b8c39771553ff93d6cbe9ddf08ce6d66557d2f9221a5d
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\res.cs
text
MD5: 1ef01c2a509ce537fa528f7f3ef0a077
SHA256: f251c5376533abd3618aa6631fd2bcba6033df62ff318477d56daac4df47c7a3
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\nkill.cs
text
MD5: 69266261c3b75d03cb5fbc978c169d9b
SHA256: 0923a844f51d43f1f8b32e55d66a940e221b8874de6cb2d6c554f0047e1437b8
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\isolate.cs
text
MD5: ae2b2f292068558ececfedcf0218d53e
SHA256: fd6c420cf09fc33e75c49e63843b7f10dc09cad839f4bbb4b1c386f2293375cc
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Elevate.cs
text
MD5: 7c36e316c847dda9d1aed88770b3b04b
SHA256: 0f18db705be30bd40211fe6f623feda1a6dd7623f0dbc74dbe835d9b5e2fcf9c
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\encrypt.cs
text
MD5: 808a75d0ea3088d9d571a162e26025fd
SHA256: bb2a4b861cb5928d9c6cb47272a0825c53ae5253428f92c1a017946ce87c92eb
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS9.0\wwf.layout
text
MD5: 98445220fe6cce753a3d75a3d7e92189
SHA256: f566d31ab12f8a8a012d3f2d603cb1a6871b8eb3f7e326fc41c404eec44f064b
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS9.0\Form1.resx
xml
MD5: 32a9f8db6987c2d0d6bb55fc487be5e8
SHA256: 031312dd30d0f17bd38db27eb7353672d378567347c872461d281ef158c70b5a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS9.0\DebugScript.sln
text
MD5: d7a7a53b3b2cb523e1ead95ce0710967
SHA256: 203c8ea5234353272ae09bb34c82b1c08b4103454464373d80280cfb1b18f325
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\help.cs
text
MD5: ece76cfefd0dfcd60d9b6833ebc33189
SHA256: 572f4a806407878fb67986e61ab2fe20f02f56d284bc28263fb09ac3b63abb18
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\feedback.cs
text
MD5: 746c134917de73b06812dd96e2fefeb1
SHA256: 07a6ba13d18ce36a8e5dd4477e5b9780ab4931b7f4fbff69504a15e8c70910ac
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\lib.cs
text
MD5: f6fa00df709d38c8c667e06f31a01d51
SHA256: 72771ae9ecdff71925ed71ea214d80b89ab112a41ab10834bc4815b5c5c92de0
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS8.0\Form1.resx
xml
MD5: 32a9f8db6987c2d0d6bb55fc487be5e8
SHA256: 031312dd30d0f17bd38db27eb7353672d378567347c872461d281ef158c70b5a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS9.0\DebugScript.csproj
xml
MD5: d437db1813e1aeb27158c8543147d23e
SHA256: 9a2b5cfceaf07c608d6b2bfc398994b25d55f2afe0992f890cd4d6dcdb6a698d
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS9.0\DebugScript.csproj.user
text
MD5: 655de1eea880be1d0fc4a73d2e96ce7d
SHA256: cd0861a891a3f81fa9dcf08d097c3213c25e12b3e0edc11c05f8bece038634d0
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS8.0\wwf.layout
text
MD5: 98445220fe6cce753a3d75a3d7e92189
SHA256: f566d31ab12f8a8a012d3f2d603cb1a6871b8eb3f7e326fc41c404eec44f064b
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS9.0\AssemblyInfo.cs
text
MD5: 76d84f1ecdaab9f5978054501ef98c39
SHA256: 586f91e49370014d3e19cb465460bba3b07fff0ae386b11db1bc5b241cbc1897
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS8.0\DebugScript.sln
text
MD5: 102a7b2daf0146cb0f516caf1b2e0f8d
SHA256: 7608702a4f92a62d6e3b7d4ef62741eba37ad8a48910e02c7b907671e97a767d
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS8.0\DebugScript.csproj
text
MD5: 8cf9bc8037ca648b18bae914190b7292
SHA256: 59a808fc11a2cf9ed613f77983c982f4c42e535a196ba8b865bfe7d1802fa2a8
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS8.0\DebugScript.csproj.user
text
MD5: a5278b4e0405513509e3166e0811f338
SHA256: 09eb69ccaf841a6aa3efbfd4107bc58e5306b643d84cb9339907d1aab5760ec7
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS7.1\DebugScript.csproj.user
text
MD5: ea70171ffaae5ac69299d68a4eee751b
SHA256: 09cb7569fccc14ec44ced9e3791b50bdfa134070772a0430c8d2514491580f91
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS7.1\DebugScript.csproj
text
MD5: 0603684ca4e57ecd4a382e4f98f59fb7
SHA256: b92647429e654aca4f931961df301a842a46659023f0bd36187790807bc9f3d3
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS7.1\AssemblyInfo.cs
text
MD5: 30f13277ea8f426f9c2b8d3beee26096
SHA256: c7c52c31b58c42bdf054e9376720c34bde2295ab2591f1e2662a9fdde822f91e
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS7.1\DebugScript.sln
text
MD5: 497acc01a5e127bc16c243367cace4fd
SHA256: e9a5be07e3d04dfd01007e13b1347b9ee1e2412f45d72face66bb1d0e05e212a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS8.0\AssemblyInfo.cs
text
MD5: 76d84f1ecdaab9f5978054501ef98c39
SHA256: 586f91e49370014d3e19cb465460bba3b07fff0ae386b11db1bc5b241cbc1897
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\Backup\Debug_01-08-06_06-16-48.zip
compressed
MD5: 76cdb2bad9582d23c1f6f4d868218d6c
SHA256: 8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\#D\DebugScript.sln
text
MD5: ef7c38f8e778dfe2bed2760102700afb
SHA256: 1efedc97baa9b15673eb02a86d38fc2dc0f36c9a3c418a5462831e7bfe1a64f1
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\VS7.1\App.ico
image
MD5: a78a91ff7a8c59192edc05466a68bee5
SHA256: 382cd3997832491be248e19daf00e5881057c7a0818af23649341a2b97e12527
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\#D\DebugScript.prjx
text
MD5: fc3f186e52e4a639dbfbfc9993d8177f
SHA256: 567ec8ccd2bb3d06e85e2d1512de5640f12e60649380dcf8613fea05283a3dff
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\#D\DebugScript.cmbx
text
MD5: 37902b193c83364b4d282dfd5b214de6
SHA256: c718d88978e021eb2d17e26451c795a52c0db5bf3d67a3cef79a727d96b05176
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\#D\DebugScript.csproj
text
MD5: 98bbc9417b535544f2a3cfef96316bd0
SHA256: 372de26ecb0fba2a5e1130e2737e1c92dd153de8efb15c37eba6b6b8764a322f
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\#D\AssemblyInfo.cs
text
MD5: ef35eb49f7da87ca87d880df251dbac9
SHA256: a33d6130d5bbb99ec81faad954ba8bdedf9755928452d9e311e42f5c9ed5e0ea
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\#D1.1\AssemblyInfo.cs
text
MD5: ef35eb49f7da87ca87d880df251dbac9
SHA256: a33d6130d5bbb99ec81faad954ba8bdedf9755928452d9e311e42f5c9ed5e0ea
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\#D1.1\DebugScript.prjx
text
MD5: fc3f186e52e4a639dbfbfc9993d8177f
SHA256: 567ec8ccd2bb3d06e85e2d1512de5640f12e60649380dcf8613fea05283a3dff
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Debug\#D1.1\DebugScript.cmbx
text
MD5: 37902b193c83364b4d282dfd5b214de6
SHA256: c718d88978e021eb2d17e26451c795a52c0db5bf3d67a3cef79a727d96b05176
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\debugCLR.cs
text
MD5: efdcdf810553bc51ffe23ee35dcbf1fe
SHA256: eab1cb0f9f0e47c027eea547dc0af0041a3678871e575d6e3a0cdee6cc634db2
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\debugVS8.0.cs
text
MD5: 8051baed993b365fa18ec82e1d11c4b9
SHA256: 1139d60243247fd4a6ff286907333856a77053b1e2e4b3c7733313ca3ac03db1
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\debugVS7.1.cs
text
MD5: 207996fb238c7dcd30057fc189e7adf2
SHA256: b1be9e8fb796369027fbb124d436b8175a8e97fb20f18a84080fe125128143ef
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\debugVS9.0.cs
text
MD5: 56a0b2deedb9dabffaf923289fb2de08
SHA256: 7e1f56236da77ba2ed9a470abb0548a37a69c44f2759ac6ee7e5b0a00bce4798
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\debug#D_1.1.cs
text
MD5: d37651d2d4dbc95ae09bff5bdf62c304
SHA256: fcc4c15340f27e5769f5ddf0cdcf6fa9383ff0dccab8a16e4b456869e6e7d9dd
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\debug2005Precompiler.cs
text
MD5: 3bcb3e45889d2c351fb7117ec2d5f4ce
SHA256: a12bc44ca0cb91f1fe3b180a97296cd05c586d88c9a5b06d5b0df968a207c9e6
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\CSScriptLibrary.xml
xml
MD5: 7b87e652dd9067d28cee038a0d193fa9
SHA256: 4d19f443c8a73497c0a8d321a8534ab275aff0534d09c32dc10628670f2638df
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\debug#D.cs
text
MD5: 2014278991c1f3f87aab7d84f5c41989
SHA256: d34da4a80227f6d93bd515c89b1588a4f8afc3a629e8433d8d1cabee2e93dd18
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\cutfile.cs
text
MD5: 504027f25a77663366117c60afb7717e
SHA256: 0d6a1806f8dcc01dbf2595af86c18d7ad6961b0825598fc9f3370e16d92eb8ba
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\WinForm.cs
text
MD5: 52916b59341c2d2d08e8185786334bea
SHA256: d7eb9c1ac7ae9fcb79a37bc796796f1a5026e671e16efa00025d4bc61e6eaf21
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\sysFindConfig.cs
text
MD5: 8876eb5bdc964243371d87db592838e9
SHA256: 5da46050b3403887c6e6b9320d0cc4ddc0710c91af45ae0d9e541e1ad4890375
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\CSScript-Toolbar.vssettings
text
MD5: 9588196cdaf938441be87cbfebc079be
SHA256: 1f305ac95ba019ec8d709513324f6cc5618a5df65d4abe30b3d9cbb3e0f4a41e
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\ScriptEE.cs
text
MD5: 53c146f914fe6ade5bdc13bb5cd3d632
SHA256: 2d324e6d3b99dc83a19944558802ef1c3ac437a9977d7c88c26222efdb34dd34
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\credentials.cs
text
MD5: c80357f43339251f95530682914630d6
SHA256: 834073e8f4f507e9352654eeb07e972fc0b72b83918f58ddd56eac50b689cb2c
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\css2ws.cs
text
MD5: 42102c6d97f105c754fbbceb4eac4404
SHA256: 4cc95e6daff35ddb145168fd2a70e64719e2fb880c5e5987a02cafb64d407611
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\tick.cs
text
MD5: ada22d3175ed5be9a0a1436712feaaea
SHA256: d7b06e84fe5499d23a0f993e73b5be849db0a88b58f6a2b1c832c9f0829bdce1
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\config.net2.cs
text
MD5: b541af832b925b41fa5d166535da7413
SHA256: 1e1b3d73e50b919a77d372035baa2ce0d4c437741175d4943daf8badc047c459
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\config.cs
text
MD5: 610dae5431622616cb44d22b81f3576f
SHA256: 2cc5d920e7f966dd96595d1de3d9a8306832b1784fe8f005950eb16112fdf53a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\configFile.cs
text
MD5: 160ce282f044280b9550423d1ba5f536
SHA256: 86f42f1e1d32014983bab40cc3363fdb49507fbd3eed1d1c0bd45037d31b5a2e
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\code.cs
text
MD5: 628315aa681d0caacfbb81fe33bec58e
SHA256: 21f8b8128a1af06fdbe42bd589d9a49455dc41aefec56c45cf18eae20c99dd4a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\cpp.template
xml
MD5: d6f90c1d9d545c95664aafe722898b7d
SHA256: 911e81f9f6d4a9a4a15fe0c60ceb6bf075deb30237f44475353259ed940edfaa
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\com.cs
text
MD5: 6783868ce48a00c4e9be98287f066882
SHA256: 9fb16eed38d59076aaf3ee41ff9509b48f7c74fa12a3dc2b93e390ed9b63f150
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\config.net1.cs
text
MD5: 073581a3114e5d484f40e7ad4aa0ac78
SHA256: 7b8dd033321c01f0a03782e8fc4c9306785c67a50d11a6fbe089ef31c5c1c896
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\createShortcut.cs
text
MD5: 94005cde5c3f5a6db9a7c4e4fbfdc293
SHA256: e59053adc5419e55261a71bb981649ee537366b00f752195a2ad8007eac3ea99
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Code snippets\Visual C# (CS-Script)\import.snippet
xml
MD5: a8a1f257ec4ec71902398a9f23b8b3ca
SHA256: b368a9173481c476e2dea90de3e917664b5d909dc89e63f798718166b8d2d53f
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Code snippets\Visual C# (CS-Script)\AsmHelper1.snippet
xml
MD5: f3a94486d9f149b642e75af33049a55d
SHA256: 8d424957787af984435c6b33cabbb474bae87bdafae60fc16af8b7f3f1b46800
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Code snippets\Visual C# (CS-Script)\args.snippet
xml
MD5: 5616fd6c60370580f80a1c4ac177f851
SHA256: 4e411e375687f42863b2040ef185a49341f26afdcd13da580f8abdb208798e81
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Code snippets\Visual C# (CS-Script)\#if_CSS_PROJECT.snippet
xml
MD5: f2e489408df5b1c844bce53acf926768
SHA256: 5f6c34d4236c34466a42511810407ff75eccd042a789b18570cbd75a34a07e49
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Code snippets\Visual C# (CS-Script)\AsmHelper2 .snippet
xml
MD5: 1a1ea4ec41d0064bbc513675f857feaa
SHA256: 895e47c2ab0c4cf9a0e3b13218b4aaaebd599826c7bb68fb89463af7a8817a72
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Code snippets\Visual C# (CS-Script)\reference.snippet
xml
MD5: 3bb1bc9992e23f93adbf47a5a1e2bcc3
SHA256: bedb3607a143eec11fdb62fc5cc32aa66dacb5613219f62f4d10d144147f48e8
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Code snippets\Visual C# (CS-Script)\using_CSS.snippet
xml
MD5: 4f751ac184ec274e5bc8407e5e10ffe6
SHA256: 15c6d8a4bce77aa11fda6b7399b029b93ecd0c009d2fec7cf6a354e08ee7f079
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Code snippets\Visual C# (CS-Script)\include.snippet
xml
MD5: 5bdc10cc664273de7771a8db185b8353
SHA256: ca57caa4fddc1770bd39085a0fa575a20f10e05eb41ed6069b0b55e8174b79f9
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Code snippets\Visual C# (CS-Script)\debug.snippet
xml
MD5: 3d8a35649990270e17326e354ba15d8b
SHA256: d16339d9253ad5a87e84290daabb122107d678b5178987dbbbeffc04e127b49c
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\Code snippets\Visual C# (CS-Script)\is_cssruntime.snippet
xml
MD5: 0d1cd2f9268179407c25773f5003aac6
SHA256: 0016f44b72fd33dd72f01bfe2423e0f4fd109c9f05f53e8598f9a3c94c2bcb67
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\bug.cs
text
MD5: bd71d80e3372def05d58ce05f4777b87
SHA256: 082d82e11355717aec9991801fd75ac042e27c848471f45859b429ae72dd6524
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\clearcache.cs
text
MD5: 2acc9f1e7a3e3a81bf409cfd0d694786
SHA256: 450a4d8ee149e532becf0c6a38dcb88dcc5bd46d932bf30adbdd2c9d4d4e5695
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\cache.cs
text
MD5: ce62a4e745f7e2d7f797cd879f0d8e58
SHA256: 4fe874cddc29b035d61d7a8cb8f08a428f7063547129139d2d7b008aa82be46d
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ccscompiler.cs
text
MD5: b9cf21afe02bc8d69e919a6f9abbf4d8
SHA256: 812ab21ecd6c95e7b3e45c840f4e6bf37d8cf328c977a28ac4d7e0652287eaa5
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\ccs2cs.cs
text
MD5: 91dc584cb54317160883a6246a889b6a
SHA256: 392d2323062782df4c73ef36ed1b5f9067d7992cdcec87b528c1f4528d90120a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\clearTemp.cs
text
MD5: 8efe6f841d5d920354e3cf75e8dee98d
SHA256: a6d0ef114906969b4fce06a86b1a4494882025ffaafbf063899ff15a62dd012e
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\cfbuild.cs
text
MD5: 48ecf4104f4abf4acf2ab5d107e76d72
SHA256: 1a18683050f36098e7b3562d5d91172a4175ec400c66691b1acc6837ed388c87
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\asAdmin.cs
text
MD5: d78b986fc1b55e477328b636f708b9c1
SHA256: 97548ce3901867f619534d4cba303818cd8bcb0cb738a84a9df77918fe124363
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Lib\cmdShell.cs
text
MD5: 2d9962703d336ea3f718af9511c288f8
SHA256: 6086d16f40a25617f1f878b095236ae8fd9d23dca3bc828d34485bfd8d8849aa
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\synTime.cs
text
MD5: e277d716c2e7dd9694fef5e3c8416892
SHA256: e9a634ecc107a161180e9e9d543a88cb4f3ca4690966292f2c281a196cacacc3
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\SetReadOnly.ccs
text
MD5: 77e391c6b49fe2a7b45b92104215f6e3
SHA256: 6405fde1808b47c220c3d444e606c14f60c6a954a915f3b2cc22aeb8f0a602f3
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Remoting\server.cs
text
MD5: cd521e9f5e69b9ea273a97b7abaa4523
SHA256: b14171ac6ef5568e6e3da15f9ec2a7b4648b1342771c64d4d75ce050659dfdf0
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Remoting\clientConsole.cs
text
MD5: 1b781f178e548bf6adf85f9b3ca02b92
SHA256: 30de9f023ed53a823dc131b552dbfa50301d4caee70de727911773e406e9f64a
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\readme.txt
text
MD5: 46f772408fc97fcbbae4ff5f83040c93
SHA256: aa4576706dbb01737f500d0826b48f87118512ef87085e48c6fc61ec45cd2fb8
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\Remoting\clientForm.cs
text
MD5: 5b462ef29a2e7c2bd9236126dce28018
SHA256: 950bad8da4031ef8fa3fee6f8a783d21b0ba56ba710423f261870ad970b7b492
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C2E1C0B9-A936-11E9-95C0-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF363219F1B756E699.TMP
––
MD5:  ––
SHA256:  ––
3452
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 50e13e61656b1ea63fdb1f1fb7273402
SHA256: 1f574a8db384e61e22269c87ca92a4246cdd88e4d40f7ddf5f5e9e8b0ed7d79d
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071820190719\index.dat
dat
MD5: 3d29c5f4771c193cc722d134fb859fef
SHA256: 30f55e1718c8b9273aee52b7896e32072e3c349f5d62014f731647827fc53d09
3452
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019071820190719\index.dat
dat
MD5: 55e4405691b7cbb043ca2e349643d673
SHA256: 8fdb0a6a75831519ad2d3ad2ceca5f1fa4acfc093b472665e200ac047b4d9b7f
3452
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 7e7145e388c6c94c81efef74fc28c028
SHA256: 1d406949b7be0b4e23de8765f8f3c0692904cbdca36112d42fac549d8197eeda
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BW8CI0Y\cs-script[1].zip:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3452
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BW8CI0Y\cs-script[1].zip
compressed
MD5: 87b20420f394c093e04b2788bb16ddaf
SHA256: 59bb7eb8ac8197c63522ed11865ce8f474d6aeecefec5c4a50bf85604f9f541e
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{C2E1C0BA-A936-11E9-95C0-5254004A04AF}.dat
binary
MD5: 76b24dc328d727e75481b89ae4fb5c31
SHA256: 2d5d0330e6dae6ca547dbd404778982780f1421438fc60cdb6c7832edfd2a63c
3760
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF2333FB7900400E52.TMP
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3760
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
1072
WinRAR.exe
C:\Users\admin\Desktop\cs-script\Samples\WPF\hello.xaml.cs
text
MD5: f631a5a27fdcf558458439ad360968b1
SHA256: 5af376d5994f1e2840cc2596460d0d7b7cc62f8256a3dbac27c286ad8d73d27f

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
2
TCP/UDP connections
2
DNS requests
2
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3452 iexplore.exe GET 200 69.30.23.135:80 http://www.gvgdevelopers.com/K2DevGuide/zip/cs-script.zip US
compressed
unknown
3760 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3452 iexplore.exe 69.30.23.135:80 EasyStreet Online Services, Inc. US unknown
3760 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
www.gvgdevelopers.com 69.30.23.135
unknown
www.bing.com 204.79.197.200
13.107.21.200
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.