Sample File:
  MD5 hash: ed9a57e4d82488ffec4b0b09b0eef15c
  SHA1 hash: b0a6cd399b1b7dcc8c23ca8f35ef898fdc1b213c
  SHA256 hash: 86d4a2f22a0e0ecbef99769371c459c368e917d0e5efedbaa47d258ec331d320
  SSDEEP hash: 12288:x3o0LKBTElEdd/fqFAoxABKI68mb1PPa/3msZ/tCP0Qw:x3ufqFJkm5na/WsZ/tc0Qw
  Filename(s): CreateCheckboxImageListTest.exe
  Filetype: Windows Exe (x86-32)

Mutex IOCs:
  - None -

Registry Key IOCs:
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
  HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Directory
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Log File Max Size
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\AmsiEnable

Domain IOCs:
  - None -

IP IOCs:
  - None -

URL IOCs:
  - None -

File IOCs:
  Filenames:
    C:\WINDOWS\SYSTEM32\ntdll.dll
    WMIC.exe
    C:\WINDOWS\System32\USER32.dll
    C:\WINDOWS\SysWOW64\net1.exe
    C:\WINDOWS\system32\wbem\\texttable.xsl
    C:\Users\FD1HVy\Desktop\CreateCheckboxImageListTest.exe
    C:\WINDOWS\System32\KERNEL32.DLL
    C:\Users\FD1HVy\Desktop
    C:\WINDOWS\SysWOW64\cmd.exe
    C:\WINDOWS\system32\mspaint.exe
    C:\WINDOWS\system32sppsvc.exe
    C:\Users\FD1HVy\Desktop\hAzbWFO.exe
  MD5 hashes:
    ed9a57e4d82488ffec4b0b09b0eef15c
  SHA1 hashes:
    b0a6cd399b1b7dcc8c23ca8f35ef898fdc1b213c
  SHA256 hashes:
    86d4a2f22a0e0ecbef99769371c459c368e917d0e5efedbaa47d258ec331d320
  SSDEEP hashes:
    12288:x3o0LKBTElEdd/fqFAoxABKI68mb1PPa/3msZ/tCP0Qw:x3ufqFJkm5na/WsZ/tc0Qw