Sample File: MD5 hash: b6832ec73ff529bad81ef91d50e37568 SHA1 hash: dce50975c42b9df4d5ab1ab21949a39c7af658fe SHA256 hash: a475511a2bbbd6b7a310fb3062aa5b42b76a73983f1da68febeda600ee6d20c8 SSDEEP hash: 49152:/QofUk3cAZSXErvQXN2jXtBMtOVjI2MkN8m75:dfF1g0UXNk/MtOFN Filename(s): [BEST SOFTWARE] EARN $1350 PER DAY.exe Filetype: Windows Exe (x86-64) Mutex IOCs: - None - Registry Key IOCs: HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1 HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine\ApplicationBase HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PSMODULEPATH HKEY_CURRENT_USER\Environment HKEY_CURRENT_USER\Environment\PSMODULEPATH HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\StackVersion HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\PipelineMaxStackSizeMB HKEY_PERFORMANCE_DATA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Directory HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Log File Max Size HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe\Debugger HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger Domain IOCs: - None - IP IOCs: - None - URL IOCs: - None - File IOCs: Filenames: C:\Windows\System32\WindowsPowerShell\v1.0 powershell.exe.com C:\Windows\system32\powershell.exe.msc C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml powershell.exe.cmd C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml C:\Windows\powershell.exe.jse C:\Windows\powershell.exe C:\Windows\powershell.exe.vbs C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 C:\Windows\system32\powershell.exe.vbs C:\Windows\System32\Wbem\powershell.exe C:\Windows\System32\Wbem\powershell.exe.wsh C:\Windows\System32\Wbem\powershell.exe.bat powershell.exe.vbe C:\Windows\system32\powershell.exe C:\Windows\System32\Wbem\powershell.exe.wsf C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1 C:\Windows\system32\vssadmin.exe C:\Windows\system32\powershell.exe.jse C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml C:\ C:\Windows\system32\powershell.exe.exe powershell.exe.bat C:\Windows\System32\Wbem\powershell.exe.com C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll C:\Windows\system32\powershell.exe.cmd powershell.exe powershell.exe.wsh powershell.exe.vbs C:\Windows\powershell.exe.wsf C:\Windows\system32\powershell.exe.vbe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WindowsPowerShell\profile.ps1 C:\Windows\powershell.exe.wsh C:\Windows\powershell.exe.com C:\Windows\powershell.exe.vbe C:\Windows\System32\Wbem\powershell.exe.msc C:\Windows\system32\powershell.exe.wsh C:\Users\5p5NrGJn0jS HALPmcxz C:\Windows\system32\net.exe C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\[BEST SOFTWARE] EARN $1350 PER DAY.exe powershell.exe.msc C:\Windows\system32\powershell.exe.com C:\Windows\System32\Wbem\powershell.exe.cmd C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml powershell.exe.wsf C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml C:\Windows\System32\Wbem\powershell.exe.vbe C:\Windows\System32\Wbem\powershell.exe.exe C:\Windows\powershell.exe.js C:\Windows\System32\Wbem\powershell.exe.jse C:\Windows\powershell.exe.exe C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml C:\Windows\system32\powershell.exe.bat C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml C:\Users C:\Windows\powershell.exe.bat powershell.exe.jse C:\Windows\system32\powershell.exe.js C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\Wbem\WMIC.exe powershell.exe.exe C:\Users\5p5NrGJn0jS HALPmcxz\Desktop C:\Windows\system32\powershell.exe.wsf C:\Windows\system32\reg.exe powershell.exe.js C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 C:\Windows\powershell.exe.cmd C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml C:\Windows\powershell.exe.msc C:\Windows\System32\Wbem\powershell.exe.js C:\Windows\System32\Wbem\powershell.exe.vbs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config MD5 hashes: b6832ec73ff529bad81ef91d50e37568 SHA1 hashes: dce50975c42b9df4d5ab1ab21949a39c7af658fe SHA256 hashes: a475511a2bbbd6b7a310fb3062aa5b42b76a73983f1da68febeda600ee6d20c8 SSDEEP hashes: 49152:/QofUk3cAZSXErvQXN2jXtBMtOVjI2MkN8m75:dfF1g0UXNk/MtOFN