Sample File:
MD5 hash: 2cc4534b0dd0e1c8d5b89644274a10c1
SHA1 hash: 735ee2c15c0b7172f65d39f0fd33b9186ee69653
SHA256 hash: 905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a
SSDEEP hash: 3072:YbbuRdAcgqu4c61lVJLfrfYEV3g+5Up48:YbyRdlvTfLfrfYE3g+4
Filename(s): cMtPPElYjtIPF5hA.exe
Filetype: Windows Exe (x86-32)

Mutex IOCs:
Global\MobileSqmservice

Registry Key IOCs:
HKEY_CLASSES_ROOT\interfacE\{b196b287-bab4-101a-b69c-00aa00341d07}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
Note: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control exists on every Windows installation, and the Interface key looks like a standard COM interface registration, so neither key is a useful detection signal on its own; correlate them with the mutex and file indicators.

Domain IOCs: - None -
IP IOCs: - None -
URL IOCs: - None -

File IOCs:
Filenames (the "5p5NrGJn0jS HALPmcxz" profile name contains a space and is presumably specific to the analysis machine):
C:\Windows\TEMP\lck.log
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted_info
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mpdev
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.garminwasted
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.garminwasted
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.garminwasted
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted_info
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.garminwasted_info
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.garminwasted_info
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted_info
C:\Windows\system32\Mpdev.exe
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.garminwasted_info
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.garminwasted
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.garminwasted
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.garminwasted_info
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted_info
\\?\C:\BOOTSECT.BAK.garminwasted
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.garminwasted_info
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\cMtPPElYjtIPF5hA.exe
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted_info
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.garminwasted
\\?\C:\BOOTSECT.BAK.garminwasted_info

MD5 hashes (the page gives no hash-to-filename mapping; the list includes the sample's own MD5, 2cc4534b0dd0e1c8d5b89644274a10c1):
ba747f5e22df8f2b63fa5e0fd627765c
9e5a4ec70c937a9e35b5d15d3a0fce33
09472d65fcd4a8f5d1e75fa2ba9bc846
36ae1e211b5a2b4f979d749769415fe7
998b7231a12ffd8eec2926fb51e9b7dd
3a138c495b79d83cedaf4222d3a83df4
a05752beeae602e18857eb4627584a71
98d0960c2f69c955d701e26a360d6cbb
eb88b9acfd97c6e28cd0cc9c404aaea0
12ad69413fb2305d5a5253b658631daf
75d3c13ab061436b625dae3c0921ac74
e514cf7c3b817c21b18b5fede2308843
8e75b478bdb2053fb329e9255930b469
56abd6af75055e6999118e8279f9baf1
587570072f4307118d7bc1fac77b51d2
50f432c291790a33a96de4e3463b6731
2cc4534b0dd0e1c8d5b89644274a10c1
f69cde58f6a150f940513cc02a51bcc2
cf4d61ccbf565f83e919f4bef3f0e133
5dab54a4ab09ba4066b3530dbd92b85e
e8da0d4f8f489f3f1e66224b734817ff
7f1662e7a9caf3e8cae31b1a49e6a10d
afab344b7f79ccb0209922afbb52483c
5c89afb4e22ebfb429cd1a0384c43c3d
c8a752525efbe9aa6a35217a3bfdd91f

SHA1 hashes:
7e8cbd3f1f07d7fc2b93e31ccfd80c85f92ee576
c693fb7585bf974f2eb29b8bdfd83f6e4962fbc9
ce2fa61455e3fedb7d7ee39552d4986a2ade1e8c
2c05fca36b99a7bc3158ee981a27557166d75e2f
47ecb7399a22377a2a97f712d718f85c4c55ce2f
a7730206b9df4205813501627bdd9dc515867e8a
78d7d85ad8fd1343a964b101512aeb12f79caeab
7c85cd8776cc66e2f8e25bb05ed7739acf751c1a
3027f96198feb8a9a5c85d2bb1d635b2117c793e
ff021edacf8909ced0c5b6cf3b1c1f036ab55394
eac6580b373638c17e109e0eea11d53f5803a5ff
92b327a60e3a576b7c8900cccf6cd534261481dd
fdadaebfd6d544c18d0277975c674c2c24e3526b
10a91eb0c531fd20f112aae5c5307bdcb7e5d58b
be1039c6632051633253ac54758b05f1a8d12eb3
d4c06725521d55a9a12b97392450616820223f31
3c3b8fb8aadb1c9745332f648ca097360b7b894b
62eaa9cc84e94352ab7c9c211517030218a6b79f
fe35f6b15eda928246c11638678852bf3d283ae4
9aa3efef547f7cf4f764aea7b9d1f61c98116d6e
a588e53440ec0393b1cae408e73606f72e94face
4a5a7460f84a45937bfc6efb8c3d86dea3fff776
735ee2c15c0b7172f65d39f0fd33b9186ee69653
701c91dc27397c579ac90f3752c855f0ded263b8
e4b77a7771c8e8a4d810dd98a5921f19ac838b8b

SHA256 hashes:
1403ae217e374a11b08c2a96b50248b39fb084d42958ba5845b24c7bef68c863
cb22a4e2fff951cbe96d88596ccf0a726c85f5f30ecb9bc25b5502589b284333
805d5a97b7256ca763e30f8cc1dea7ee4172d168d0e5d1499fdc981148d9a0e8
f8c49787bf46de01f95e08f0d5a79cb0647bce51f01b4ffb2f3485a028e91add
63e7769567eb61562d9b12a8e6b2dcfcad2f68ae37fcc5e923bc47e148c5fc33
03b6545bd1a54a9bc61148fc26df5ec54b7054118a7902b67692ffc6e200062f
e15b71147e48db5567e8f166e7b8482686a00fe376a20619ea5dc430edd26171
2182e60aa5e1f2ebe1eb7796a49bdd7c4be843bae873332eb109514fe3e58b50
0145d5251522b7530b19f30318763732ace39d849fc1b2434d671cd26f5186dd
45ccedc9378fdfecd4b592663ec1edf21c968b8fc4655504065f05a286754be6
8c39893c3cb77243fe8a8e3b9c78a4284483996b68527d924e356e198bc1534a
905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a
4917d9d7d078c5aea45a228d1873272a159d158a7d7486642d7336cc01aded47
2479db39aa2065e9bc0ab7559a20cd6081e754b90e987d871922eb9d2c4386ab
5b277cda904ec17cbefe703fba9fa0d84ca3429a94d07e09f606e0f2f59c9d6a
1b327c71698991c205ea4199b772f15240efde60ab540ca6952adcf7b2ee2928
f4623e88e526d5812d7ab04511bde126041a184dde4a0a56bbc9c1a2dfbbf1ca
929a930d627998617ce3c73eaa6e9c265428313b0648b1e6c78729f971b17e7d
d6f4017528c0a21eef982287dc529813f4c0adcad1fb463eeb458483522f14d1
3f5383b3a10eee08143fae4c8b7d26c777bbe40b3fbf8655ca69a5cfb7c99f69
4642fbf8a6873615125be5f57812e5d1248d5c54549ed631edbfdf993eae14da
75ff1b1836fd6d04c5ea4e17b4fad1163f8059dcaf2def13f1c79c69b061a464
f304984d7de9d1f06b540a3cd371bf727962d7f4c5882ed339bdfa77f0c99097
98b3d32d37b05dee52f6e4982816b74bfd7eb349e2ee4aa096a130875bc17ff7
5bdc1cd5e12812f407db23cfc82d9300ee96c9f51acb04648dfcd40b02218b74

SSDEEP hashes:
48:cjHpBfpx/+QSXxQ0Q16QkMfQnMfoQEMqQNQZBOQxweaeQPU2ekGkWCrAZc9Ch9QD:YJBxx/+TxPM6oBoZeeBORkq2k2Cr19C6
48:cjcZHRcWcQSXxQ0QakQtSQkfQ4nQ63Q1a4Ql/weaeQPU2KNGA9mIG2a3Dt2sgQz5:YcZxc/TxPbkmSBfTnL3KLtkqIJ/G7AU5
48:e4QhAtVo7ie/fPtET0mdUziX0I7KLtutEkjaALP1:e4GAtVpe/fJmKziyItBF1
3072:YbbuRdAcgqu4c61lVJLfrfYEV3g+5Up48:YbyRdlvTfLfrfYE3g+4
3:jmvCHzYQH:jmx4
48:ZiUvgg6t6K+/ZJjaOxtTVu5rIoYCzIisszHrD5eF2WlBbwiBKGF7rYWxEd:UEFqsJVGDH9NBC5wiB3BJU
48:e4nUg3/OM/A2kCWFGV4IA3Xh/85MgMlCFGzM1:e4nUgPOMbR92F3x052CFGzM1
48:e4ZBe+y/2lgW5ohFmy8k1uuokKLztcVLxb0l1:e4JUptF98SuuQzixxbM1
6144:wIvnpHZVDRCZWvw7vkLMSroKWfUkzaX9Sj/R:wS1zIziGfF
96:YNdiTxPFH0LN1+M+U+N+0+/yZfxuRNoGNpgd/2LtkqJte2sCyNdq:cdKxtcdxNLe2sjNdq
48:e4ALxJzUH91JzpFo0GuUudejqXvD5T6W4FQ1:e4AjC1N80GuNdemvxUFQ1
24:Q6zkdikbTUauNN2X01zqqBWmoK95uf5kVs4eYScHFv4PFQ0BVM/j9OtF9N5WY0eH:e4QSH/W5kG5iiFQ0BVMBYf5Gbhql1
48:e4JkPDz3AB9SAtF0paKaK71TrlnqpjUESdSbmj1:e4JkP/3EXtSp11opjUMmj1
48:cjfpPaDyf+QSXxQ0QlQiQNQDQ7fGyrzTuWQnVGqLq:Yhr+TxPMdmuc1PuWAGkq
48:e4sZ6Q+l9PNBNDSGOJ9LwlLdqvz3c5+Oh41:e4lQ0PNrDSxRwlLe1
96:vzDaidCuhFwDG+8A4PtbiW+uGGfz/+vWVrQUqDayFB3d4:7Oid3zwDGIOtbiW4q/+ZUgBN4
48:cjBEA+T1hXgXtWmGFGGmzTm1RYmh70mLtu5LQRagavm6im4hYmaqNdmCOuFYE/hP:YG/gg5nuwiqVCohzRSt5JbbJ+hDH
24:Q6zkdikbTUauNN2X01s0jSqSA6mHxI7uiQ6CklSk5yfT/gsStJrHfvAqD2O6v7Ml:e4a0jwA6LAas/gtJTHAqD2Ok73b4CNe1
48:cjlRIsCNt+IpgLkePjRagavYE/hC/A2vER4K5ifkNRhGGWaXc:YM9kItePPohGzsWf2M
48:cjwXAoyQ7agavBmYEpYE/hCTMfY5MfXKJFMtFFK59DtWGGTMaJMM:YHoZam/iohBYa6gbWDEp
24:2djDY7+WrhSoJB/6EBhhCgfUBF0CdqXF0Cd0F0CaBF0CKBHzSxSF0CaZMYjxZMZj:cjDYKWrrv6E/hC+C7CzCa8CK5WhCaz1s
48:e4VBIocClzoqM1din5WADxLK8+1ENnjiQuMgdoM1:e4VBFcCxoqUilLNFjcTqM1
48:cj3qmfD0fQSXxQ0QxLQFrQ7YGJH0CYrOzeQuZf3Lq:Y3qYITxPA+lwYGeRf7q
24:Q6zkdikbTUauNN2X01xptprtU2RftDFVZa6vlDEfQ7qoFK3S1Esv9KMZLbylrNwt:e4Tjpe2JtBba6vlDEfQ2YEOKMZL/3h1
24:2djH8RBuybOaoYB/6EBhhCRpH8T2uBF2uFdb8uKBHu6OKuOQFGIlH3IlHy:cjCuy0+6E/hCRh8VBzFdrK5u/OAGGZ