Analysis

  • max time kernel
    145s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/04/2024, 14:48

General

  • Target

    e2c6e0fe3b1d2b33196db7c8910583db_JaffaCakes118.exe

  • Size

    756KB

  • MD5

    e2c6e0fe3b1d2b33196db7c8910583db

  • SHA1

    938e6ac51fb2693367694fc1777e9f2310073613

  • SHA256

    1eba046e573d6710293d85856769feebed1e6a27b4285b5d3fc1bb1dc3c2744c

  • SHA512

    7242201d1068bdbf079756c2b8337c782df32386fe40ba05f7787efe84f619fad068c7c5bc3d52b8ada9b1e941d9ee43fa86aebd439a068c46eaea9fd308c356

  • SSDEEP

    12288:Tp4pNfz3ymJnJ8QCFkxCaQTOlOb47MMpX:tEtl9mRda1rMMpX

Score
10/10

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • Renames multiple (5570) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2c6e0fe3b1d2b33196db7c8910583db_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e2c6e0fe3b1d2b33196db7c8910583db_JaffaCakes118.exe"
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:5008
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:3192

Downloads

  • C:\$Recycle.Bin\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini.exe

    Filesize

    757KB

    MD5

    63a3ddf08b262a0cc11671e14b03b717

    SHA1

    ec844232eefac728ed134438608e97dae10a9790

    SHA256

    1a75c3004d36a8c0a2728940be7cc24f4cefb7d51a12f2e8b0ce99b1e3b4fec8

    SHA512

    75c81b5b0a6cca68f1e411bc8c2f34e720191e0dde4a8da206d5be418f71b5be4348d172fc4536df4f74d0c00bd92575cdee0f889731aad1640fb5681f73e8be

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    bf94a9cd04ea37c4fb65d27c91db360d

    SHA1

    8b2a0d74b66cad77def69745aa7fed919bc7e5cd

    SHA256

    838833beb61eac539dfd60afa09caa8c7f1d6a53ec1d77a5d1adb0c66d4359b0

    SHA512

    b86a1bb44885a44b002e9fa655642c2333852cd21d1f6a0852ba340d9e8b0acb2850026703d716de3cd97174e033d67b55970caeb66fd865c998ed1374b65e60

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    756KB

    MD5

    e54120ffa7565821f4ba0f91f0b68c76

    SHA1

    eaaa2f1fbdc5d1c6b6e7cd0f056393be18fc35e0

    SHA256

    ac0f3b521822a9e47ffa1150074d3ed5b9ee3c44d3aacb512bbe1ae22e84f696

    SHA512

    f4029c137e3ea7af3208ad4cd1e5a66e8b47b1f5a15ab5a0aefd087898e0b6c8a70662513248b63ec183aa2e2bdc754549ee944ae215e63eaa1f601f08f77ad6

  • F:\$RECYCLE.BIN\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini.exe

    Filesize

    757KB

    MD5

    a6a4f59a29f0a0fa9d813f3bc5f63daf

    SHA1

    6eea701e44978e772cd81778be4abf178fde835d

    SHA256

    c235db892aab5fe89c02b5cdf79dfb6fae18b786f394c3419ee96b7c8cb8ec22

    SHA512

    70670523e2bb24f45ca5486c86d0c242ca82dcbfe08cf986a2e69e779037481a4c51daa7f5136dc8df30cb9ccf31165c27d50905b5ce026a7a0ca974be2660d6

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • F:\AutoRun.exe

    Filesize

    756KB

    MD5

    e2c6e0fe3b1d2b33196db7c8910583db

    SHA1

    938e6ac51fb2693367694fc1777e9f2310073613

    SHA256

    1eba046e573d6710293d85856769feebed1e6a27b4285b5d3fc1bb1dc3c2744c

    SHA512

    7242201d1068bdbf079756c2b8337c782df32386fe40ba05f7787efe84f619fad068c7c5bc3d52b8ada9b1e941d9ee43fa86aebd439a068c46eaea9fd308c356

  • memory/3192-5-0x0000000000630000-0x0000000000631000-memory.dmp

    Filesize

    4KB

  • memory/5008-8103-0x0000000000570000-0x0000000000571000-memory.dmp

    Filesize

    4KB

  • memory/5008-0-0x0000000000570000-0x0000000000571000-memory.dmp

    Filesize

    4KB