Sample File: MD5 hash: 9330544a69b499f9b2ea79fd5a57bccc SHA1 hash: 17cf9b71e0f8cf3068977c670499ed816e1b65ab SHA256 hash: 8805ce23c95a5049ca6d9678f419848b3ace3f1a0cdd36d3867d7d827ab5f4e8 SSDEEP hash: 24576:BoTrdf82VV8/JmlmKG5l+pdoEQXbpztsqxLU5yxl0L72M+mrGCeB9ijwEtqTM821:BoeT5lhEqxEIW7c67Mo8A8N4Gj Filename(s): l7APAbdp1QTgRjcl.exe Filetype: Windows Exe (x86-32) Mutex IOCs: - None - Registry Key IOCs: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WSMAN HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WSMAN\ServiceStackVersion HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine\ApplicationBase HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\Transcription HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\Transcription HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ConsoleSessionConfiguration HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ConsoleSessionConfiguration HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. 
Europe Standard Time\MUI_Dlt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PSMODULEPATH HKEY_CURRENT_USER\Environment HKEY_CURRENT_USER\Environment\PSMODULEPATH HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\PipelineMaxStackSizeMB HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\__PSLockdownPolicy HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winevt\Publishers\{816ebd75-f7ab-59c0-e2f0-bddfeed66ac2} 
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client\Install HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell HKEY_CURRENT_USER\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Directory HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Log File Max Size HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe\Debugger HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger (Analyst note: most of the registry keys listed above are ones the PowerShell engine and the .NET runtime touch at start-up; they appear on any host that runs PowerShell and make poor detection signatures. The entries that merit attention are the Image File Execution Options Debugger values for utilman.exe and taskmgr.exe and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System. This report does not say whether those keys were read or written, so confirm on the host whether a Debugger value is actually set before treating them as evidence of tampering.) Domain IOCs: - None - IP IOCs: - None - URL IOCs: - None - File IOCs: Filenames: C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetworkTransition C:\Users\FD1HVy\Documents\WindowsPowerShell\Modules C:\WINDOWS\System32\Wbem\powershell.exe.cmd C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSScheduledJob C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PnpDevice C:\Users\FD1HVy
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCache.psd1 C:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1 C:\WINDOWS\powershell.exe.wsf C:\WINDOWS\system32\net.exe C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll C:\WINDOWS\system32\vssadmin.exe C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.ni.dll C:\WINDOWS\System32\Wbem\powershell.exe.com C:\Program Files\WindowsPowerShell\Modules\Modules.ni.dll C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\en-US\PSReadline.psd1 C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1 C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.xaml C:\ProgramData\Oracle\Java\javapath\powershell.exe.cmd C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.ni.dll C:\WINDOWS\powershell.exe.js C:\WINDOWS\system32\powershell.exe.com C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Kds C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\PSGetModuleInfo.xml C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.psd1 C:\WINDOWS\System32\WindowsPowerShell\v1.0\ C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\PSReadline.psd1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement powershell.exe.jse C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.dll C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetSwitchTeam C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.xaml C:\Program Files 
(x86)\WindowsPowerShell\Modules\Modules.dll C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psm1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetNat C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.psm1 C:\ProgramData\Oracle\Java\javapath\powershell.exe.wsh C:\WINDOWS\system32\powershell.exe.wsf C:\Program Files (x86)\WindowsPowerShell\Modules C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetSecurity C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PrintManagement C:\WINDOWS\System32\Wbem\powershell.exe.vbe C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1 C:\WINDOWS\system32\powershell.exe.msc C:\WINDOWS\System32\Wbem\powershell.exe.wsh C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.cdxml C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\Microsoft.PowerShell.PSReadLine.dll C:\WINDOWS\system32\powershell.exe.bat C:\WINDOWS\powershell.exe.msc C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.dll C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DnsClient C:\ProgramData\Oracle\Java\javapath\powershell.exe.bat C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psm1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\en\Microsoft.PowerShell.Utility.psd1 C:\Program Files\WindowsPowerShell\Modules\PSReadline C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.cdxml C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Commands.Utility.dll 
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\WindowsErrorReporting.psd1 C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.xaml powershell.exe.js C:\Program Files\WindowsPowerShell\Modules\Modules.cdxml C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics powershell.exe.exe C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\CimCmdlets\CimCmdlets.psd1 C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.psm1 C:\WINDOWS C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.xaml C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.psm1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.cdxml C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psd1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management C:\WINDOWS\system32 C:\Users\FD1HVy\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.ni.dll C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\MsDtc C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.ni.dll C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 C:\Program Files\WindowsPowerShell\Modules\PowerShellGet C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 C:\WINDOWS\system32\powershell.exe.jse powershell.exe.vbe C:\ProgramData\Oracle\Java\javapath\powershell.exe.js C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.xaml C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\PSReadLine.psm1 C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.cdxml C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ISE C:\Program Files\WindowsPowerShell\Modules 
C:\ProgramData\Oracle\Java\javapath\powershell.exe.exe C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.dll C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll C:\ProgramData\Oracle\Java\javapath\powershell.exe C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\VpnClient\VpnClient.psd1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetQos CONOUT$ C:\WINDOWS\powershell.exe.cmd C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PnpDevice\PnpDevice.psd1 C:\Program Files\WindowsPowerShell\Modules\Pester C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\MSMQ C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.dll C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psd1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Appx C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.xaml C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetLbfo C:\WINDOWS\System32\Wbem\powershell.exe C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.psm1 C:\Program Files (x86)\WindowsPowerShell\Modules\Pester C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 C:\WINDOWS\powershell.exe C:\WINDOWS\powershell.exe.exe C:\Program Files\WindowsPowerShell\Modules\PackageManagement C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetEventPacketCapture C:\WINDOWS\powershell.exe.vbe C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules powershell.exe C:\ProgramData\Oracle\Java\javapath\powershell.exe.com C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation 
C:\Users\FD1HVy\Desktop\l7APAbdp1QTgRjcl.exe C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.cdxml C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\EventTracingManagement powershell.exe.msc C:\ProgramData\Oracle\Java\javapath\powershell.exe.wsf C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.psd1 C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Commands.Utility.dll\Microsoft.PowerShell.Commands.Utility.dll C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\en\PSReadline.psd1 C:\WINDOWS\system32\reg.exe C:\WINDOWS\System32\Wbem\powershell.exe.jse C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.dll C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.xaml C:\WINDOWS\system32\powershell.exe.js C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.psd1 C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psm1 C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.psm1 C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psd1 C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.ni.dll C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.cdxml C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetQos\NetQos.psd1 C:\WINDOWS\powershell.exe.jse C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.psm1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psd1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.ni.dll 
C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe.vbs C:\ProgramData\Oracle\Java\javapath\powershell.exe.vbe C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.dll C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config C:\WINDOWS\system32\powershell.exe C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.xaml C:\WINDOWS\powershell.exe.com C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PKI C:\WINDOWS\System32\Wbem\WMIC.exe C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ISE\ISE.psd1 C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.ni.dll C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psd1 powershell.exe.bat C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.xaml C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.ni.dll C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Storage\Storage.psd1 C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetConnection C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSScheduledJob\PSScheduledJob.psd1 C:\WINDOWS\powershell.exe.bat C:\WINDOWS\System32\Wbem C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.xaml C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.psd1 C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.cdxml C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Utility 
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1 C:\WINDOWS\system32\powershell.exe.wsh C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BranchCache C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Dism C:\Program Files\WindowsPowerShell\Modules\Modules.psm1 C:\WINDOWS\System32\Wbem\powershell.exe.js C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.cdxml C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\PSGetModuleInfo.xml powershell.exe.wsf C:\WINDOWS\System32\Wbem\powershell.exe.wsf C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetTCPIP\NetTCPIP.psd1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\MsDtc\MsDtc.psd1 C:\WINDOWS\System32\Wbem\powershell.exe.msc C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetAdapter C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.ni.dll C:\WINDOWS\System32\Wbem\powershell.exe.exe C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AppvClient C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus C:\ProgramData\Oracle\Java\javapath C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.cdxml C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psm1 C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.psm1 C:\WINDOWS\System32\Wbem\powershell.exe.bat C:\WINDOWS\system32\powershell.exe.vbs C:\Users\FD1HVy\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetTCPIP C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils 
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.psd1 C:\Users\FD1HVy\Documents\WindowsPowerShell\profile.ps1 powershell.exe.cmd C:\Users\FD1HVy\Desktop C:\Users\FD1HVy\AppData\Local\Temp\ C:\Users C:\WINDOWS\powershell.exe.wsh C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.xaml C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.ni.dll C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetAdapter\NetAdapter.psd1 C:\Program Files\WindowsPowerShell\Modules\Modules.psd1 C:\ProgramData\Oracle\Java\javapath\powershell.exe.jse C:\Program Files\WindowsPowerShell\Modules\PackageManagement\PackageManagement.cdxml powershell.exe.com C:\Users\FD1HVy\AppData\Local\Temp\__PSScriptPolicyTest_nwyzpfcp.v3b.ps1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer C:\WINDOWS\system32\powershell.exe.exe C:\WINDOWS\System32\Wbem\powershell.exe.vbs C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.cdxml C:\WINDOWS\powershell.exe.vbs C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSDiagnostics C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\International C:\ProgramData\Oracle\Java\javapath\powershell.exe.vbs C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.dll C:\ProgramData\Oracle\Java\javapath\powershell.exe.msc C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1 C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\iSCSI C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\CimCmdlets C:\ C:\WINDOWS\system32\wldp.dll C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.psd1 C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.ni.dll C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Modules.dll C:\Program Files\WindowsPowerShell\Modules\PSReadline\PSReadline.psd1 
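C:\Program Files\WindowsPowerShell\Modules\Modules.dll C:\WINDOWS\system32\powershell.exe.cmd C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AppLocker C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1 C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.psd1 C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\Microsoft.PowerShell.Operation.Validation.dll C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\Microsoft.PowerShell.Diagnostics.psd1 powershell.exe.wsh C:\WINDOWS\system32\powershell.exe.vbe C:\Users\FD1HVy\AppData\Local\Microsoft\Windows\PowerShell C:\Program Files\WindowsPowerShell\Modules\Pester\Pester.dll C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1 C:\Program Files\WindowsPowerShell\Modules\Modules.xaml C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\en-US\Microsoft.PowerShell.Utility.psd1 MD5 hashes: c4ca4238a0b923820dcc509a6f75849b 9330544a69b499f9b2ea79fd5a57bccc SHA1 hashes: 17cf9b71e0f8cf3068977c670499ed816e1b65ab 356a192b7913b04c54574d18c28d46e6395428ab SHA256 hashes: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b 8805ce23c95a5049ca6d9678f419848b3ace3f1a0cdd36d3867d7d827ab5f4e8 SSDEEP hashes: 3:U:U 24576:BoTrdf82VV8/JmlmKG5l+pdoEQXbpztsqxLU5yxl0L72M+mrGCeB9ijwEtqTM821:BoeT5lhEqxEIW7c67Mo8A8N4Gj (Analyst note on the hash lists: 9330544a69b499f9b2ea79fd5a57bccc, 17cf9b71e0f8cf3068977c670499ed816e1b65ab, 8805ce23c95a5049ca6d9678f419848b3ace3f1a0cdd36d3867d7d827ab5f4e8 and the long SSDEEP value are the sample itself; they match the Sample File header. c4ca4238a0b923820dcc509a6f75849b, 356a192b7913b04c54574d18c28d46e6395428ab and 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b are the MD5, SHA1 and SHA256 of a one-byte file containing the character "1" (SSDEEP 3:U:U), most likely the __PSScriptPolicyTest_*.ps1 temporary file that PowerShell writes when it checks script policy. These values match on unrelated clean systems and should be excluded from blocklists and hunting rules. Likewise, the powershell.exe.com/.bat/.cmd/.vbs/.js and similar paths under C:\WINDOWS, system32, Wbem and the Java javapath directory look like the PATH and PATHEXT search probes Windows makes when a process launches powershell.exe by bare name, not files dropped by the sample.)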