Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/04/2024, 18:19

General

  • Target

    e58fe7f6afccca5083bb1a0a47fee71d_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    e58fe7f6afccca5083bb1a0a47fee71d

  • SHA1

    894ec727c20fea7c21ae45f7ae836700af510c72

  • SHA256

    8f87e56e12dc78afb8895bb823e3edfd0fe757c3a0c88bc5e18bc5125e687fea

  • SHA512

    5bbf931a57aebdb4402175598d85151373b2af46584de5522b0b77df8973944603632b9ee8e8a3d65c2c98c277fa75b28a0069c6fb5d95820f4527cf2a98e38f

  • SSDEEP

    24576:8Etl9mRda1hSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvZ:PEs1c4+2NHm1P

Score
10/10

Signatures

  • Modifies WinLogon for persistence (2 TTPs, 2 IoCs)
  • Renames multiple (5579) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops startup file (3 IoCs)
  • Executes dropped EXE (1 IoC)
  • Enumerates connected drives (3 TTPs, 46 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file (1 TTP, 3 IoCs)

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory (2 IoCs)
  • Drops file in Program Files directory (64 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e58fe7f6afccca5083bb1a0a47fee71d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e58fe7f6afccca5083bb1a0a47fee71d_JaffaCakes118.exe"
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:2252

Downloads

  • C:\$Recycle.Bin\S-1-5-21-566096764-1992588923-1249862864-1000\desktop.ini.exe

    Filesize

    1.0MB

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    804KB

  • F:\$RECYCLE.BIN\S-1-5-21-566096764-1992588923-1249862864-1000\desktop.ini.exe

    Filesize

    1.0MB

  • F:\AUTORUN.INF

    Filesize

    145B

  • F:\AutoRun.exe

    Filesize

    1.0MB

  • memory/2252-5-0x00000000020D0000-0x00000000020D1000-memory.dmp

    Filesize

    4KB

  • memory/2252-8380-0x00000000020D0000-0x00000000020D1000-memory.dmp

    Filesize

    4KB

  • memory/3480-0-0x00000000020C0000-0x00000000020C1000-memory.dmp

    Filesize

    4KB

  • memory/3480-7246-0x00000000020C0000-0x00000000020C1000-memory.dmp

    Filesize

    4KB