Sample File: MD5 hash: 2601895cfe5909f5f66e98524bcd2aaf SHA1 hash: c81a4306207d6aedd9d4ec5b6e4b828bca8e20ab SHA256 hash: 18f0b09725c3f4cea286aae7fceaec0cd6e49f90c9aa72dcc9c6d748bfe716cd SSDEEP hash: 768:JlRTCFe+9BdQBrZ4oq03yfXwfksidQpcjEAZrsbVzoFrROlK0GLxt7kzRM/dw/d8:Jl5CArZ4vI0dN+z0lI6L34uSy Filename(s): October_Invoiceb91a6edbc0ialmb3ce5ebc15abba7fe01fda93.accde Filetype: Microsoft Access Database Mutex IOCs: AuditNativeSnapIn Global\.net clr networking Global\_MSIExecute a403e9b3-6f76-41ac-ab55-e693040d1b8b Registry Key IOCs: HKEY_CLASSES_ROOT\Licenses HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7 HKEY_CURRENT_USER HKEY_CURRENT_USER\Control Panel\Desktop HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure HKEY_CURRENT_USER\Control Panel\Mouse HKEY_CURRENT_USER\Control Panel\Mouse\SwapMouseButtons HKEY_CURRENT_USER\Environment HKEY_CURRENT_USER\Environment\TEMP HKEY_CURRENT_USER\Environment\TMP HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\control.exe HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt HKEY_CURRENT_USER\Software\Microsoft\Command Processor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance\First Counter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance\IsMultiInstance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance\Library HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance\CategoryOptions HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance\Counter Names HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance\FileMappingSize HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DefaultTTL HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109090090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109090090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109090090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109110000000000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109110000000000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109110000000000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000051091A0090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000051091A0090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000051091A0090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000051091E0090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000051091E0090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000051091E0090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000051092E0090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000051092E0090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000051092E0090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109440090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109440090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109440090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109510090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109510090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109510090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109511090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109511090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109511090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109610090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109610090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109610090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109711090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109711090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109711090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109810090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109810090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109810090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109910090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109910090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109910090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109A10090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109A10090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109A10090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109AB0090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109AB0090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109AB0090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109B10090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109B10090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109B10090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109B21090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109B21090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109B21090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109C20090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109C20090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109C20090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109E60090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109E60090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109E60090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109F10090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109F10090400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109F10090400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109F100A0C00000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109F100A0C00000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109F100A0C00000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109F100C0400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109F100C0400000000000F01FEC\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00005109F100C0400000000000F01FEC\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\1DB4C8E0922C7994F88F5CFD1713D191 HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251 HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\2246038675C7F37388062DC64EABA251\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120754FF\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\838AE285991981530AC5BD9064F286CE\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C025571B2A687A53689168CD7369889B\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401 HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\InstanceType HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\PackageCode HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\BE14701CF213AA74FBBA8ACB900D664D HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting\Default Impersonation Level HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting\Default Namespace HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\InstallationType HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\RegisteredOwner HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Config.Msi\ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109090090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109110000000000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\000051091A0090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\000051091E0090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\000051092E0090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109440090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109510090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109511090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109610090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109711090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109810090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109910090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109A10090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109AB0090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109B10090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109B21090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109C20090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109E60090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109F10090400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109F100A0C00000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\00005109F100C0400000000000F01FEC HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\1DB4C8E0922C7994F88F5CFD1713D191 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\2246038675C7F37388062DC64EABA251 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\4EA42A62D9304AC4784BF238120754FF HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\838AE285991981530AC5BD9064F286CE HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\C025571B2A687A53689168CD7369889B HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\F60730A4A66673047777F5728467D401 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1276836803-1479805768-3330128443-1000\Installer\UpgradeCodes\BE14701CF213AA74FBBA8ACB900D664D HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts\C:\Config.Msi\a6d000.rbs HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts\C:\Config.Msi\a6d000.rbsLow HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts\Rollback HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts\Scripts HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1DB4C8E0922C7994F88F5CFD1713D191\InstallProperties HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOrganization HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\ComSpec HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\FP_NO_HOST_CHECK HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\NUMBER_OF_PROCESSORS HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\OS HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PATHEXT HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_IDENTIFIER HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_LEVEL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_REVISION HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PSModulePath HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\Path HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\TEMP HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\TMP HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\USERNAME HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\windir HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\windows_tracing_flags HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\windows_tracing_logfile HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Windows\Installer HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109090090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109110000000000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\000051091A0090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\000051091E0090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\000051092E0090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109440090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109510090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109511090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109610090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109711090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109810090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109910090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109A10090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109AB0090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109B10090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109B21090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109C20090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109E60090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109F10090400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109F100A0C00000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\00005109F100C0400000000000F01FEC HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\1DB4C8E0922C7994F88F5CFD1713D191 HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\21EE4A31AE32173319EEFE3BD6FDFFE3 HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\2246038675C7F37388062DC64EABA251 HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58 HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\4755C4440EB6E323B9DD29F2C6C3A440 HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\4EA42A62D9304AC4784BF238120754FF HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\68AB67CA7DA7FFFFB744AA0000000010 HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\6E815EB96CCE9A53884E7857C57002F0 HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\838AE285991981530AC5BD9064F286CE HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\C025571B2A687A53689168CD7369889B HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\DC8A59DBF9D1DA5389A1E3975220E6BB HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\F60730A4A66673047777F5728467D401 HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Microsoft\Installer\UpgradeCodes\BE14701CF213AA74FBBA8ACB900D664D HKEY_USERS\S-1-5-21-1276836803-1479805768-3330128443-1000\Software\Policies\Microsoft\Windows\Installer Domain IOCs: 127.0.0.1 arrarnmku iptrackeronline.com jplymell.com linkadrum.nl www.iptrackeronline.com IP IOCs: 94.138.205.138 147.135.136.193 45.55.57.244 URL IOCs: HTTPS://jplymell.com/dmc/ImgFilePDF876356653680900897fXmfwICxiOWbsPLJpy.png File IOCs: Filenames: C: C:\Config.Msi C:\Config.Msi\MSI66C.tmp C:\Config.Msi\MSI6F9.tmp C:\Config.Msi\a6d000.rbs C:\MSI6cffe.tmp C:\Program Files\ C:\Users C:\Users\JPenUM C:\Users\JPenUM\AppData C:\Users\JPenUM\AppData\Local\Temp\MW-3cee3894-a0d4-4f50-a87c-21985e988377\ C:\Users\JPenUM\AppData\Local\Temp\MW-3cee3894-a0d4-4f50-a87c-21985e988377\files.cab C:\Users\JPenUM\AppData\Local\Temp\MW-3cee3894-a0d4-4f50-a87c-21985e988377\files\ C:\Users\JPenUM\AppData\Local\Temp\MW-3cee3894-a0d4-4f50-a87c-21985e988377\files\MsMpEng.exe C:\Users\JPenUM\AppData\Local\Temp\MW-3cee3894-a0d4-4f50-a87c-21985e988377\files\MsMpEng.exe:Zone.Identifier C:\Users\JPenUM\AppData\Local\Temp\b106484eb915e4ad6df697dc1442cbff-EDITED.jpg C:\Users\JPenUM\AppData\Roaming C:\Users\JPenUM\AppData\Roaming\Imminent C:\Users\JPenUM\AppData\Roaming\Imminent\Geo.dat C:\Users\JPenUM\AppData\Roaming\Imminent\Logs C:\Users\JPenUM\AppData\Roaming\Imminent\Logs\21-01-2019 C:\Users\JPenUM\AppData\Roaming\Imminent\Monitoring C:\Users\JPenUM\AppData\Roaming\Imminent\Monitoring\network.dat C:\Users\JPenUM\AppData\Roaming\Imminent\Monitoring\system.dat C:\Users\JPenUM\AppData\Roaming\appmgr C:\Users\JPenUM\AppData\Roaming\appmgr\RtlUpd64.exe C:\Users\JPenUM\AppData\Roaming\appmgr\RtlUpd64.exe:Zone.Identifier C:\Windows\ C:\Windows\Installer C:\Windows\Installer\ C:\Windows\Installer\$PatchCache$\Managed C:\Windows\Installer\$PatchCache$\Managed\00005109110000000000000000F01FEC\CacheSize.txt C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\CacheSize.txt C:\Windows\Installer\$PatchCache$\UnManaged C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-1276836803-1479805768-3330128443-1000\1DB4C8E0922C7994F88F5CFD1713D191 C:\Windows\Installer\MSI504.tmp C:\Windows\Installer\MSI81A0.tmp C:\Windows\Installer\MSID0F9.tmp C:\Windows\Installer\a6cfff.ipi C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe.Config C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe:Zone.Identifier C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll C:\Windows\system32 C:\Windows\system32\MsiExec.exe C:\Windows\system32\sxs.DLL RtlUpd64.exe appmgr MD5 hashes: 2cb9315e533e3700bedf1a77bba374bc 5b9849e016ab5210cbc8e78a1fdd3671 5c968bf21646d66492c1dd12d0d1c641 74b7dba5f2d2c6ee0b33d3392da83d16 9ed4d3bc8a00a12c80f9e8d80423542a cfb868c2490e1007003f2733754bc878 d1b39760f6e1be7c44ebacf0908e5c11 d41d8cd98f00b204e9800998ecf8427e SHA1 hashes: 560091b2bdf518dd892016722da62fa613d5e958 5674380a700d3875400c0fb266a7e3a4b85e2b8f 71f88ba6cddc9fc7981593e9a1626fb38b31ebdd 7e0e34d3417b54dd8920e27ea20b977e51d0a17d b52ffc461844c1b5227caf30fbb39b3a270c71f1 c40c5eaf4227171ab007742d0af29bec01ee130c da39a3ee5e6b4b0d3255bfef95601890afd80709 db5de9eb47ba27964019961597062ee0f77e3797 SHA256 hashes: 76a430452cf0bbb0e429675afd0bf1ff9bb9391f6d41dc293afd6ef06abb7c15 a262de468045d279966577b6bae961c2f90650acbb91c7a4c88b380671d12281 a772d643043e9e4d10ce3cbefad39cd312cac38fd30f4f36edcead88df5fc6b5 aca0e5d3fca1c4ac504afe2f76c73d9f51bf9b84d94b5060e7648eeca81e9a16 be0cf0ee8c14bb4c83ba264c5249b5e4fa526eba52e2fddeb60fb86bceb8018f d67b6804cd05912270ca632da34e1d304fc65a5df87fd9856047ce90a5331bad e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ece76c8cfeec585ee9b2a1e4b183895d45be71cd5c3032bbd8a036607f300b99 SSDEEP hashes: 24576:iJeNNh5l9eiuUVJlVkw0P8LP5A90RT5x0tjNbhC86F:iJeNNTlpVJRfLPo0zx+hClF 3:: 3:RMQGgr4/d+C:rGD/ 3:cE627w:c0k 3:cE62oAttn:c0rttn 48:P2yTxnvIL7IswvgvaqahU53h7xjXR7L1s0ou1XR7L1s0ouq:P2avyIrgv9gEVx1psvut1psvuq 48:o0gcDHQbuaKOvlBuUJVHdASAp0uSicYOvAbdASsOvvrlpj:olCallBdJV+0WcBOxpj 49152:vhbvWxBj7Ba3DaMNtklBXTdVTPT0GStMCtijo:ZaBj7iJuNTXT70Gwtij