Sample File: MD5 hash: 51a292587a2d735306afb24d54002ba5 SHA1 hash: c22a6a4cefcd2fe4c06a4244dce0c13bcf63d269 SHA256 hash: 72cca77c38132f30a09c57d24815d52ec3d5bb48c19415f52b7a38190b92d17f SSDEEP hash: 12288:Y2fVnLF0eRwlTaOcJFCS7TPIIDZZAzR//JIcJa7KoJ7/zDaLdkH66lmv5G/++r6h:t5iav+STPlrAzR//JIcJkfzHzwURrO Filename(s): mFO4ED9hfrpsSO4O.exe Filetype: Windows Exe (x86-32) Mutex IOCs: dgykghSf 310A-4BA29U3JAIZ -6NBP70TX9468WZz S-1-5-21-1051304-1376254591059 Registry Key IOCs: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0\Identifier HKEY_LOCAL_MACHINE\HARDWARE\Description\System HKEY_LOCAL_MACHINE\HARDWARE\Description\System\SystemBiosVersion HKEY_LOCAL_MACHINE\HARDWARE\Description\System\VideoBiosVersion HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0 HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum\0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\Settings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\Settings\Device Description HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\WMIDisableCOMSecurity HKEY_PERFORMANCE_DATA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\ HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\00568502698af0439be8841b68034dfb HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\218578a43d628c44a10b99677e0ac26d HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\359319914d3d374fbfb59d68dc930dae HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\639e40e39678b140ba542215785646ac HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\82926373c8be9c41a6f55990abdb6a7a HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\c02ebc5353d9cd11975200aa004ae40e HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\db257a828627ae4aa57a2e41ad166870 HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f7a20347e930b94fadcc6ece7cd55c43 HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook_2016\ HKEY_USERS\S-1-5-21-1051304884-625712362-2192934891-1000\SOFTWARE\Microsoft\Internet Explorer\IntelliForms\Storage2 HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\ HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird\ HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun Domain IOCs: - None - IP IOCs: - None - URL IOCs: - None - File IOCs: Filenames: C:\WINDOWS\system32 \??\C:\Users\FD1HVy\AppData\Roaming\-6NBP70T\-6Nlog.ini \??\C:\Users\FD1HVy\AppData\Roaming\-6NBP70T\-6Nlogrc.ini \??\C:\Program Files (x86)\Mozilla Firefox\Firefox.exe \??\C:\Users\FD1HVy\AppData\Roaming\-6NBP70T\-6Nlogrv.ini \??\C:\Users\FD1HVy\AppData\Roaming\-6NBP70T\-6Nlogrg.ini \??\C:\Users\FD1HVy\Desktop\mFO4ED9hfrpsSO4O.exe C:\Users\FD1HVy\Desktop\mFO4ED9hfrpsSO4O.exe \??\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data C:\Users\FD1HVy\Desktop\mFO4ED9hfrpsSO4O.exe.config C:\Windows\SysWOW64\cmd.exe C:\Users\FD1HVy\AppData\Local\Temp\DB1 \??\C:\Program Files\Mozilla Firefox\Firefox.exe \??\C:\WINDOWS\SYSTEM32\ntdll.dll \??\C:\Users\FD1HVy\AppData\Roaming\Opera Software\Opera Stable\Login Data \??\C:\WINDOWS\System32\drivers\etc\hosts C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data \??\C:\Windows\SysWOW64\netsh.exe \??\C:\Users\FD1HVy\AppData\Roaming\-6NBP70T \??\C:\Users\FD1HVy\AppData\Roaming\-6NBP70T\-6Nlogri.ini MD5 hashes: 51a292587a2d735306afb24d54002ba5 5c2161fc7b16d12b45b3e53d56fad16a SHA1 hashes: 06a317f3d6519cf226db3ab029a212293d318a1b c22a6a4cefcd2fe4c06a4244dce0c13bcf63d269 SHA256 hashes: cdad85eefaeee766286a12d8c4039c819a3515170da3070967a7f5198119b35a 72cca77c38132f30a09c57d24815d52ec3d5bb48c19415f52b7a38190b92d17f SSDEEP hashes: 24:LLUH0KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6FZW:Uz+JH3yJUheCVE9V8MX0PFlNU12ZW 12288:Y2fVnLF0eRwlTaOcJFCS7TPIIDZZAzR//JIcJa7KoJ7/zDaLdkH66lmv5G/++r6h:t5iav+STPlrAzR//JIcJkfzHzwURrO