Sample File: MD5 hash: e5c72950358cb38b8a36223ee60b4635 SHA1 hash: ca26736f25e38fdd30f35797124ac09b4a55a119 SHA256 hash: f39618fbdbb3788fa9444c84522a069b867e3237567ddd722f5e9a42838a4371 SSDEEP hash: 1536:6dEgS4vhBHVUCKYJhMRCunLjKbx1+II3OwZ1nxscjOhL:7gS4vhSYBeLOb59QXj Filename(s): 201810302482 (1).xls Filetype: Excel Document Mutex IOCs: - None - Registry Key IOCs: HKEY_CLASSES_ROOT\Licenses HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7 HKEY_CLASSES_ROOT\TypeLib HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9 HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\0 HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\0\win64 HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\409 HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\9 HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 HKEY_CURRENT_USER\Software\Microsoft\Command Processor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BackGroundCompile HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BreakOnAllErrors HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BreakOnServerErrors HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\CompileOnDemand HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\NotifyUserBeforeStateLoss HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\RequireDeclaration HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\VbaCapability HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1 HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine\ApplicationBase HKEY_PERFORMANCE_DATA Domain IOCs: - None - IP IOCs: - None - URL IOCs: - None - File IOCs: Filenames: C:\Users\aETAdzjz\Desktop C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll MD5 hashes: SHA1 hashes: SHA256 hashes: SSDEEP hashes: