Sample File: MD5 hash: fb2dc7eccfa938149161caf3c7c16b58 SHA1 hash: 854c7ef9e0c541dce0df6a9aea7568207046511e SHA256 hash: 9ca0776e3c226e4ebb4c8c08ea750e6dbc22e447dea68e1e8795b5d5691472c0 SSDEEP hash: 12288:naaL/TQWJagCvpaUuRlVo8LPdWZ/59+TOUIHO1hm6a5dWVP1gND:aaTQskaRRlVf0/jm1hJidWxQ Filename(s): defrag.exe (note: the name mimics the built-in Windows defragmenter; per the File IOCs below this sample ran from C:\Users\FD1HVy\Desktop\defrag.exe rather than from %SystemRoot%\System32, so hunt on the hashes above, not on the filename alone) Filetype: Windows Exe (x86-32) Mutex IOCs: - None - Registry Key IOCs (note: these are the standard WMI/CIMOM logging values that any process initialising WMI may read; treat them as evidence that the sample used WMI, not as sample-specific persistence keys or standalone detections): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Directory HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Log File Max Size Domain IOCs: - None - IP IOCs (note: every address below lies in the RFC 1918 private range 192.168.0.0/24 and together they form a near-contiguous sweep of the sandbox's own subnet — consistent with local host enumeration or lateral-movement scanning, not command-and-control; do not add these to block lists or threat feeds, and since no domain or URL indicators were recorded either, this report contains no external network IOC at all — look for the corresponding internal scan pattern in network telemetry instead): 192.168.0.1 192.168.0.0 192.168.0.2 192.168.0.3 192.168.0.4 192.168.0.5 192.168.0.6 192.168.0.7 192.168.0.8 192.168.0.9 192.168.0.10 192.168.0.11 192.168.0.12 192.168.0.13 192.168.0.14 192.168.0.15 192.168.0.16 192.168.0.17 192.168.0.19 192.168.0.18 192.168.0.20 192.168.0.21 192.168.0.22 192.168.0.23 192.168.0.24 192.168.0.25 192.168.0.26 192.168.0.27 192.168.0.28 192.168.0.29 192.168.0.30 192.168.0.31 192.168.0.32 192.168.0.33 192.168.0.34 192.168.0.35 192.168.0.36 192.168.0.37 192.168.0.38 192.168.0.39 192.168.0.40 192.168.0.41 192.168.0.42 192.168.0.43 192.168.0.44 192.168.0.45 192.168.0.46 192.168.0.47 192.168.0.48 192.168.0.49 192.168.0.50 192.168.0.51 192.168.0.52 192.168.0.53 192.168.0.54 192.168.0.55 192.168.0.56 192.168.0.57 192.168.0.58 192.168.0.59 192.168.0.60 192.168.0.61 192.168.0.62 192.168.0.63 192.168.0.64 192.168.0.65 192.168.0.66 192.168.0.67 192.168.0.68 192.168.0.69 192.168.0.70 192.168.0.71 192.168.0.72 192.168.0.73 192.168.0.75 192.168.0.74 192.168.0.76 192.168.0.77 192.168.0.78 192.168.0.79 192.168.0.80 192.168.0.81 192.168.0.82 192.168.0.83 192.168.0.84 192.168.0.85 192.168.0.86 192.168.0.87 192.168.0.88 192.168.0.89 192.168.0.90 192.168.0.91 192.168.0.92 192.168.0.93 192.168.0.94 192.168.0.96 192.168.0.97 192.168.0.98 192.168.0.99 192.168.0.100 192.168.0.101 192.168.0.102 192.168.0.103 192.168.0.104 
192.168.0.105 192.168.0.106 192.168.0.107 192.168.0.108 192.168.0.109 192.168.0.110 192.168.0.111 192.168.0.112 192.168.0.113 192.168.0.114 192.168.0.115 192.168.0.116 192.168.0.117 192.168.0.118 192.168.0.119 192.168.0.120 192.168.0.121 192.168.0.122 192.168.0.123 192.168.0.124 192.168.0.125 192.168.0.126 192.168.0.127 192.168.0.128 192.168.0.129 192.168.0.130 192.168.0.131 192.168.0.132 192.168.0.133 192.168.0.134 192.168.0.135 192.168.0.136 192.168.0.137 192.168.0.138 192.168.0.139 192.168.0.140 192.168.0.141 192.168.0.142 192.168.0.143 192.168.0.144 192.168.0.145 192.168.0.146 192.168.0.147 192.168.0.148 192.168.0.149 192.168.0.150 192.168.0.151 192.168.0.152 192.168.0.153 192.168.0.154 192.168.0.155 192.168.0.156 192.168.0.157 192.168.0.158 192.168.0.159 192.168.0.160 192.168.0.161 192.168.0.162 192.168.0.163 192.168.0.164 192.168.0.165 192.168.0.166 192.168.0.167 192.168.0.168 192.168.0.169 192.168.0.170 192.168.0.171 192.168.0.172 192.168.0.173 192.168.0.174 192.168.0.175 192.168.0.176 192.168.0.177 192.168.0.178 192.168.0.179 192.168.0.180 192.168.0.181 192.168.0.182 192.168.0.183 192.168.0.184 192.168.0.185 192.168.0.186 192.168.0.187 192.168.0.188 192.168.0.189 192.168.0.190 192.168.0.191 192.168.0.192 192.168.0.193 192.168.0.194 192.168.0.195 192.168.0.196 192.168.0.197 192.168.0.198 192.168.0.199 192.168.0.200 192.168.0.201 192.168.0.202 192.168.0.203 192.168.0.204 192.168.0.205 192.168.0.206 192.168.0.207 192.168.0.208 192.168.0.209 192.168.0.210 192.168.0.211 192.168.0.212 192.168.0.213 192.168.0.214 192.168.0.215 192.168.0.216 192.168.0.217 192.168.0.218 192.168.0.219 192.168.0.220 192.168.0.221 192.168.0.222 192.168.0.223 192.168.0.224 192.168.0.225 192.168.0.226 192.168.0.227 192.168.0.228 192.168.0.229 192.168.0.230 192.168.0.231 192.168.0.232 192.168.0.233 192.168.0.234 192.168.0.235 192.168.0.236 192.168.0.237 192.168.0.238 192.168.0.239 192.168.0.240 192.168.0.245 URL IOCs: - None - File IOCs: Filenames: \\?\c:\System Volume 
Information\{9adc1d8f-93a7-11e7-bfd7-e8daaaf0a0ed}{3808876b-c176-4e48-b7ae-04046e6cc752} \\?\c:\Program Files\Microsoft Office\root\Office16\MSOCRRES.ORP \\?\c:\teslarvng\tempkey.teslarvngkeys.old52930028 \\?\c:\Users\FD1HVy\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat 19122 C:\Users\FD1HVy\Desktop\defrag.exe \\?\c:\588bce7c90097ed212\netfx_Core.mzz \\.\c: \\?\c:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE \\?\c:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.67 \\?\c:ProgramData\datakeys \\?\c:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE \\?\c:\ProgramData\datakeys\pos.txt \\?\c:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm \\?\c:\ProgramData\Adobe\Extension Manager CC\Logs\fails.txt \\?\c:\ProgramData\datakeys\tempkey.teslarvngkeys.old52930028 \\?\c:\System Volume Information\{b062fd0a-a2b8-11e7-bfdb-e8daaaf0a0ed}{3808876b-c176-4e48-b7ae-04046e6cc752} \\?\c:\ProgramData\Adobe \\?\c:\ProgramData\Adobe\Extension Manager CC \\?\c:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm \\?\c:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.67 \\?\c:\Program Files\Java\jre1.8.0_144\lib\rt.jar \\?\c:\teslarvng\How To Recover.txt \\?\c:\users\fd1hvy\desktop\tsconfig.txt \\?\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDC1500720033_en_US.msi \\?\c:\588bce7c90097ed212\netfx_Extended.mzz \\?\c:\ProgramData\Adobe\Extension Manager CC\Logs\ \\?\c:\ProgramData\datakeys\tempkey.teslarvngkeys \\?\c:\ProgramData\datakeys \\?\c:\teslarvng \\.\PhysicalDrive0 c:\users\fd1hvy\desktop\ConsoleOutput249.txt (triage note: this list mixes paths the sample created with pre-existing files it merely accessed, and does not say which is which. The entries that look sample-specific are the c:\teslarvng\ and c:\ProgramData\datakeys\ directories with their tempkey.teslarvngkeys* key files, pos.txt and How To Recover.txt — a filename in the style of a ransom note, which together with the "keys" artifacts is consistent with file-encrypting ransomware, to be confirmed against the sample's actual behaviour; these are the paths worth hunting for. The device-namespace paths \\.\c: and \\.\PhysicalDrive0 indicate direct volume/physical-disk access, and together with the System Volume Information entries they warrant checking affected hosts for volume or shadow-copy tampering. The Office, Java, Adobe, .NET setup (588bce7c90097ed212) and Windows Defender definition/scan-cache paths are ordinary files on the sandbox image — the Defender entries may be the sandbox's own scanning activity or the sample inspecting AV state, which cannot be determined from this list — and the FD1HVy user profile, tsconfig.txt and ConsoleOutput249.txt entries look sandbox-specific, so none of those should be used as indicators on their own. The entry \\?\c:ProgramData\datakeys is reproduced as captured, missing the backslash after c:.) MD5 hashes: 01f0f661bd6934069a138d18083e751b a5ef95cf66230c283130e7e64b2c01a9 372076cec62bca98d95256f8957b37d7 877aecf026c05f9cd97d44584d93fa02 9ceaba2c918ee7b16c325613e6e28907 805755dbbb5ad8ca68d12990ed01b89c 
2bf6a53fd1405043647a7e0b35b921ba 257b2b49d6bec5f82ac8f1aeb62be0f5 d41d8cd98f00b204e9800998ecf8427e fb2dc7eccfa938149161caf3c7c16b58 7493d8cbb0315336e669479de9481bf9 SHA1 hashes: 14952ca10faf37b4ebd91a8c11c12baf2ee48315 268594807a366106a7b19c4140f3979b08aa4706 3f3f7d77bbfa05c903fe8194b980049df48ec12b 4e552ad713849f7588b307a2f1bce31b31b7c568 9ced670d36a8df49d471afc13b7827c3d012e8f3 35249ea385643b0e112bd3d2186257e675c65b8f 854c7ef9e0c541dce0df6a9aea7568207046511e da39a3ee5e6b4b0d3255bfef95601890afd80709 44ca3092b2acef86dbb1f7db2d184d77344c7d81 93bace466facd3cb2b87701e3529335f12925cab 20bd5d2d0f36474e434256eb6055d606e2d19123 SHA256 hashes: 045467a8279abdf2244f3e8cbba37b7c7e1eca18aab2b830ff45c0987c7bebfc e07d8a3f18b8123ab4cdfa942302523cb57b15a88767ba1a8f96f478b7bb3988 569c53a8a09dc70cbab59fe0bf7918f481fa7e1a293147595540c49e4bb63c7c 22280921edf840de011f762395b78c5a8b69a38f376cc17565825677e4f8d961 62ab04b6cce5517c51a61236d0e42238e83c8b6b3ae69e94d7e2955d060154c8 9ca0776e3c226e4ebb4c8c08ea750e6dbc22e447dea68e1e8795b5d5691472c0 de852cee74963fa2ff5e91620d3d142f88fe7d97348f995ea00325d9400a608c 5816dcf1c0c27af109535aec78ce160af63fca0448ce95f8943ab5699f0be3fe fc110e2f33bc5c6b436db2838ead813bcafc976df01eb319aeafb6a9cb75bd96 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 51ec3e2adbc38865d96f221aef0e6481443a17c2c71f248c6f7c2a7d2c72cd52 (note: d41d8cd98f00b204e9800998ecf8427e, da39a3ee5e6b4b0d3255bfef95601890afd80709 and e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 are the MD5, SHA1 and SHA256 of empty input — a zero-byte file — and must be excluded from any detection rule or they will match every empty file on every host; fb2dc7eccfa938149161caf3c7c16b58 / 854c7ef9e0c541dce0df6a9aea7568207046511e / 9ca0776e3c226e4ebb4c8c08ea750e6dbc22e447dea68e1e8795b5d5691472c0 are the sample itself, already given in the header. The three lists are not in a consistent order — the sample is 10th in the MD5 list, 7th in the SHA1 list and 6th in the SHA256 list — and none of them is mapped to the filenames above, so confirm which digests belong to files the sample dropped, e.g. the teslarvng/datakeys artifacts, before sharing them as indicators; prefer the SHA256 values for matching, as MD5 and SHA1 are collision-prone.) SSDEEP hashes: 3:un:un 196608:D3nv41VRucGBUWuV90T7L8JfRlQ1Xe/DzkZ5f5ZHeR77WWA8ZDEXiq:jvuucGBbQ0T7L8JfRoX4D4X7HwWr8qXF 196608:ItbVWQ/sBUW8H6byFu1PQhsGyW5g0i/EnpD2LsVty/e:Q9/ob8H6bhqhsPsg0i8npny/e 6:uRYbigy5TlTl7juYFjRBYN8FYoc+XlpVIVyGRYbi0uplgIl76FjRBYN8FYoc+Xlz:u6+b7j1F+oc+Ryd6+0uplgU6F+oc+RyY 196608:MwSiYAvqKdB7jVpMpbDBovRGIaqMaU9s9VN4g4ElHDJ074/VWeI:MbAvLdB7jVeBovHMaj1N0U/VY 24:0OI7xRyLzw6dChyjXExJan+NnMf/muiADEgb8XgKKVtSNAUTmeICEVB6bcAls:0JdILbsU0xJai17gb8wKhg5ib4 196608:K+loJLQ8dPayvvdjTeEvGezvcUM9h0d9GooP9eM3QDA1eNXXgUzg1Qp/wn:K+iVdCyvlD+N/PU0hz3uxvNe 
196608:OurNvrY43cu7v6mbiVVz3lsLSUnP8VJWcrQPK8CW4Kzzk4tObIkmv:OCNvrZn7vDiVULStVNsdn4K/kxIkmv 12:+x6Rc+32OgblUF6ZkUo/q5oh87N86JmfTasgIn2i:hV2ZblUFoFwV4uTaVIn1 12288:naaL/TQWJagCvpaUuRlVo8LPdWZ/59+TOUIHO1hm6a5dWVP1gND:aaTQskaRRlVf0/jm1hJidWxQ 3:: (note: 3:: is the ssdeep of empty input and 3:un:un that of a file only a few bytes long — neither is usable for fuzzy matching and both should be dropped from detection content; 12288:naaL/TQWJagCvpaUuRlVo8LPdWZ/59+TOUIHO1hm6a5dWVP1gND:aaTQskaRRlVf0/jm1hJidWxQ is the sample's own fuzzy hash from the header, and the 196608-blocksize values belong to large files — presumably the Office, Java and installer files in the path list rather than anything the sample dropped — so they are unlikely to be useful indicators either.)