Sample File: MD5 hash: 3e2f03caf12e820104a816bc347ffcc8 SHA1 hash: bd823a6a4f9ca01eab64ddc95edec443cf096f64 SHA256 hash: 70a733c2d090e38aeeae220035fb6e388d05076435439062a2f184336ecac7bd SSDEEP hash: 49152:sb+28ZIdH+8pmjHMAy4f525kPp/ZtNf8soLQApbz8pJfS/:wD+RMAPR25kBBtNfd/Apbwg Filename(s): setup.exe Filetype: Windows Exe (x86-32) Mutex IOCs: WindowsDefenderMonitorMutex Registry Key IOCs: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender Monitor HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Log File Max Size HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Directory Domain IOCs: - None - IP IOCs: 192.168.0.1 192.168.0.0 192.168.0.3 192.168.0.2 192.168.0.4 192.168.0.5 192.168.0.6 192.168.0.7 192.168.0.8 192.168.0.9 192.168.0.10 192.168.0.11 192.168.0.12 192.168.0.13 192.168.0.14 192.168.0.15 192.168.0.16 192.168.0.17 192.168.0.18 192.168.0.19 192.168.0.20 192.168.0.21 192.168.0.22 192.168.0.23 192.168.0.24 192.168.0.25 192.168.0.26 192.168.0.27 192.168.0.28 192.168.0.29 192.168.0.30 192.168.0.31 192.168.0.32 192.168.0.33 192.168.0.34 192.168.0.35 192.168.0.36 192.168.0.37 192.168.0.38 192.168.0.39 192.168.0.40 192.168.0.41 192.168.0.42 192.168.0.43 192.168.0.44 192.168.0.45 192.168.0.46 192.168.0.47 192.168.0.48 192.168.0.49 192.168.0.50 192.168.0.51 192.168.0.52 192.168.0.53 192.168.0.54 192.168.0.55 192.168.0.56 192.168.0.57 192.168.0.58 192.168.0.59 192.168.0.60 192.168.0.61 192.168.0.62 192.168.0.63 192.168.0.64 192.168.0.65 192.168.0.66 192.168.0.67 192.168.0.68 192.168.0.69 192.168.0.70 192.168.0.71 192.168.0.72 192.168.0.73 192.168.0.74 192.168.0.75 192.168.0.76 192.168.0.77 192.168.0.78 192.168.0.79 192.168.0.80 192.168.0.81 192.168.0.82 192.168.0.83 192.168.0.84 192.168.0.85 192.168.0.86 192.168.0.87 192.168.0.88 192.168.0.89 192.168.0.90 192.168.0.91 
192.168.0.92 192.168.0.93 192.168.0.94 192.168.0.95 192.168.0.96 192.168.0.97 192.168.0.98 192.168.0.99 192.168.0.100 192.168.0.101 192.168.0.102 192.168.0.103 192.168.0.104 192.168.0.105 192.168.0.106 192.168.0.107 192.168.0.108 192.168.0.109 192.168.0.110 192.168.0.111 192.168.0.112 192.168.0.113 192.168.0.114 192.168.0.115 192.168.0.116 192.168.0.117 192.168.0.118 192.168.0.119 192.168.0.120 192.168.0.121 192.168.0.122 192.168.0.123 192.168.0.124 192.168.0.125 192.168.0.126 192.168.0.127 192.168.0.128 192.168.0.129 192.168.0.130 192.168.0.131 192.168.0.132 192.168.0.133 192.168.0.134 192.168.0.135 192.168.0.136 192.168.0.137 192.168.0.138 192.168.0.139 192.168.0.140 192.168.0.141 192.168.0.142 192.168.0.143 192.168.0.144 192.168.0.145 192.168.0.146 192.168.0.147 192.168.0.148 192.168.0.149 192.168.0.150 192.168.0.151 192.168.0.152 192.168.0.153 192.168.0.154 192.168.0.156 192.168.0.157 192.168.0.158 192.168.0.159 192.168.0.160 192.168.0.161 192.168.0.162 192.168.0.163 192.168.0.164 192.168.0.165 192.168.0.166 192.168.0.167 192.168.0.168 192.168.0.169 192.168.0.170 192.168.0.171 192.168.0.172 192.168.0.173 192.168.0.174 192.168.0.175 192.168.0.176 192.168.0.177 192.168.0.178 192.168.0.179 192.168.0.180 192.168.0.181 192.168.0.182 192.168.0.183 192.168.0.184 192.168.0.185 192.168.0.186 192.168.0.187 192.168.0.188 192.168.0.189 192.168.0.190 192.168.0.191 192.168.0.192 192.168.0.193 192.168.0.194 192.168.0.195 192.168.0.196 192.168.0.197 192.168.0.198 192.168.0.199 192.168.0.200 192.168.0.201 192.168.0.202 192.168.0.203 192.168.0.204 192.168.0.205 192.168.0.206 192.168.0.207 192.168.0.208 192.168.0.209 192.168.0.210 192.168.0.211 192.168.0.212 192.168.0.213 192.168.0.214 192.168.0.215 192.168.0.216 192.168.0.217 192.168.0.218 192.168.0.219 192.168.0.220 192.168.0.221 192.168.0.222 192.168.0.223 192.168.0.224 192.168.0.225 192.168.0.226 192.168.0.227 192.168.0.228 192.168.0.229 192.168.0.230 192.168.0.231 192.168.0.232 192.168.0.233 192.168.0.234 192.168.0.235 
192.168.0.236 192.168.0.237 192.168.0.238 192.168.0.239 192.168.0.240 192.168.0.241 192.168.0.242 192.168.0.243 192.168.0.244 192.168.0.245 192.168.0.246 192.168.0.247 192.168.0.248 192.168.0.249 192.168.0.250 192.168.0.251 192.168.0.252 192.168.0.253 192.168.0.254 192.168.0.255 89.144.25.156 URL IOCs: - None - File IOCs: Filenames: C:\ C:\Users C:\Users\5P5NRG~1 C:\Users\5P5NRG~1\AppData C:\Users\5P5NRG~1\AppData\Local C:\Users\5P5NRG~1\AppData\Local\Temp\ C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\InstallOptions.dll C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\modern-wizard.bmp C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp C:\Users\5P5NRG~1\AppData\Local\Temp\nsx8EA7.tmp C:\Users\5p5NrGJn0jS HALPmcxz C:\Users\5p5NrGJn0jS HALPmcxz\AppData C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\libcrypto-1_1.dll C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\libssl-1_1.dll C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\msvcr120.dll C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\uninst.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe MD5 hashes: 034ccadc1c073e4216e9466b720f9849 235beca4c331599e057f74a311fd0ecf 2782ef9f5becfdd0c2cc3ed1860b8550 3e2f03caf12e820104a816bc347ffcc8 5d195f1ac9869c208f6c02a5bde6f9c1 747e11e777340109feb7b353dbcd6b3d a7d446bfd57cbf4c55194a1972c8a49b b7b4e087300ffae020d305650f5a3a48 c8abc19933a55dd118046b6b9fecaacd cbe40fd2b1ec96daedc65da172d90022 d41d8cd98f00b204e9800998ecf8427e e9c9e8b1efd08b1a4b2812a3b1db1711 SHA1 hashes: 1465e36607f4809a0bc6e6b3302df730f0b6bd3d 
19faa5f3c02cccddd83d49b9261d596c1701e683 366c216220aa4329dff6c485fd0e9b0f4f0a7944 8dc6f785b7033aaec1f5d11aa03711b67a7e88bb a8ec993a12708572ca8ca3d1fcbdc25230bdaf10 b2c575a9d605d37d00916cd08dcebb1f7da0ac78 bd823a6a4f9ca01eab64ddc95edec443cf096f64 da39a3ee5e6b4b0d3255bfef95601890afd80709 e24b059ac4634ba7a728ca60b623be27d36c6de7 e7c8ec003993866cd780d6a43a98bbddbc656faf f0889a4321094cf6af2f4f3d7c615811ece2ca7b f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1 SHA256 hashes: 0a1cab7c14fd5c203d180452d2596f07a4cf8eede5dd0152a4f0648fdd014736 2ddfdf325449d31dce777c4ad8831c5893b1ccaaf79236dbd00b6b844873f8da 3467fc2e914584aac8c79a1d610c48e8529572b0e88ef94f084c4d9e2f6e0559 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2 70a733c2d090e38aeeae220035fb6e388d05076435439062a2f184336ecac7bd 78012f560bb917218435f4b3ef2e3491bab15647e11ccb90bc117731181134c4 7dac6880bd7b94a63a2784bdd8dc8d7ea5c0d9cad0431d576468aa329f820d14 860241aab98a7ea0ddb31d3a4f96aa4d209f8fafc69bf3223de13309f8194565 86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f bf821b9bc3aa246332615307d6ab8344bb5269d65995b1438999dd4c547aabe3 dbb10daea806495506658ee45076b995f638281f3041dc5aef413779d28e5f5d e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDEEP hashes: 12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV 12:TyxqDBvTN+jI2ZVgml9b7bhSFUcwA7SFUcwAyoYVA/4K/wg:ecVcc2Z+c9b7tSEESEi4UTb 12:lOu8dfAgQRvAozcZlikh+g4gNhCz50cd4gNDhdIoiX4NckNzD6lrVf6QoJiXo:6kRvAozcZlvh+g1O+cd1Z3iXZkNHQVCL 192:C4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjYK72dwF7dBOne:jn3T5KdHCMRD/R1cOnrjY+BO 24576:iD3NaUUZJzWamFTvNI7NqhP3HMuZiwq3lrj:wYOTvNIxOEuJq3Vj 24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz 3:: 49152:7smXGbuvQ/qpyr0kwCACq0vUuPxmxvGAnvGd1CPwDv3uFts5e8S0:7sm2buvQ/qpyr0kw5Cq4xFAnI1CPwDvv 49152:sb+28ZIdH+8pmjHMAy4f525kPp/ZtNf8soLQApbz8pJfS/:wD+RMAPR25kBBtNfd/Apbwg 
6144:XI2Kfw3fm786OZn2xDvTNPql//9HYc/ZC8GLOQ1KaYN2eZlcJ3hBTX/ilnR+Ixgo:Xlv3fmw6OZ2xDvTNPql//9HYc/ZC8Gi7 768:VnwXBvDMgy+tEfD4qhAJH9c8F0D39uMvmYdlcLYPqB:dwXxggDt6A19c8F0DSYTcLYP2 98304:06Op2lsm2buvQ/qpyr0kw5Cq4xFAnI1CPwDv3uFtsFgRgyBDfsCNuI2:PAk4vAI1CPwDv3uFtsSRgyBDf14I2 Note on indicator quality: the MD5 d41d8cd98f00b204e9800998ecf8427e, SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 and SSDEEP 3:: entries are the digests of empty (zero-byte) input — presumably a file such as log.txt that was created but not yet written — and should not be used as detection indicators. The 192.168.0.0/24 addresses are RFC 1918 private-range addresses, which most likely reflect local-subnet enumeration inside the analysis environment rather than external infrastructure; 89.144.25.156 is the only routable IP listed. The Run-key value "Windows Defender Monitor", the mutex WindowsDefenderMonitorMutex and the %AppData%\Roaming\Windows Defender drop directory are the more specific, host-based indicators in this listing.