Analysis

  • max time kernel
    145s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09/05/2024, 04:20

General

  • Target

    2847aee524dcddbf33fade6a4dd12a45_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    2847aee524dcddbf33fade6a4dd12a45

  • SHA1

    e7e94fd76b1cd0dd40b40a7d14ea64db0e2ad016

  • SHA256

    2d0c69c0abbb080a635a97af58cfd710abf3eadf83dae363c7dcc62204b62171

  • SHA512

    7fa875101ee474b0a6ebd10cd3a886d30f9eaa61877fd629d8c187b5c5570b5a4e84ba648f12a8799d63f91d8e81a6ab2c9c6e2c38c1b0d2152332670820c173

  • SSDEEP

    24576:ZMMpXS0hN0V0HoSMMMpXS0hN0V0HoSTSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFS:Kwi0L0qlFwi0L0qlGP

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence (2 TTPs, 2 IoCs)
  • ASPack v2.12-2.42 (4 IoCs)

    Detects executables packed with ASPack v2.12-2.42

  • Drops startup file (3 IoCs)
  • Executes dropped EXE (1 IoCs)
  • Enumerates connected drives (3 TTPs, 46 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file (1 TTPs, 3 IoCs)

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory (2 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2847aee524dcddbf33fade6a4dd12a45_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2847aee524dcddbf33fade6a4dd12a45_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:1636

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe

    Filesize

    1.0MB

    MD5

    304eacf67c6a10dd8b9db9c9c33bd1ba

    SHA1

    49f1639204f4972555ae82be1b5cfd45a7777d8c

    SHA256

    84e8734c2f2426c83076063bd3f94911f3128b5d5d5a1a7fc6fd46023d10c08e

    SHA512

    cc99b7d5573fc4c2e42ec10308585126b217a139358001fa20e76adb30877c9c4b55d2de5d09e3c4c0a5cb3b44eb47ed909040a62d9ee90d3e67b642e7954168

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    f143fe21aa446e98f7484709a8ae3178

    SHA1

    dd708b07df4101123789123308f38c40be81042f

    SHA256

    52cfa5f8836136865537db16fd9839ed3521fa17656968f164873e464df286dc

    SHA512

    de72a9f395e9b5cd5db4030f896b779a8048896e22fd12a2352fef23965a431b77b222ebae2c82ab31a5aa61af8b65b9653527b4c9bd03ddaca778f3246e94c5

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    866KB

    MD5

    c378c77f977bf63d6a1b6d6ea8247bd3

    SHA1

    73053ce4027e3f530979e4f23f82e547520bd442

    SHA256

    610250bec271b8072d9f6b6a1373f413022dcb5b687336d73f5f3559b4d1139d

    SHA512

    92da359260afe58a6455c50428e30248f9a6c2ed81c1d385898bb65a5f010fba1035e69d454a77106b741856f6f2bc40590b7686b324ae8ec6c80b446ddf6362

  • F:\$RECYCLE.BIN\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe

    Filesize

    1.0MB

    MD5

    c938d64c07d2d07c5c6df57d92038ab2

    SHA1

    8b20d6a91489044b799bf686cedfdb661b9a3069

    SHA256

    4ca7b372be2f408c429228e077888a706de0fde1a5bec1cce46a6cfdc4af457b

    SHA512

    89de91f54502325719c66d20eab1f98b023388a7687b879e79c76963c6f363e79087c77b07b6b7170b80d2863143036494b1560740aac5293f693f828e2a9871

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • F:\AutoRun.exe

    Filesize

    1.0MB

    MD5

    2847aee524dcddbf33fade6a4dd12a45

    SHA1

    e7e94fd76b1cd0dd40b40a7d14ea64db0e2ad016

    SHA256

    2d0c69c0abbb080a635a97af58cfd710abf3eadf83dae363c7dcc62204b62171

    SHA512

    7fa875101ee474b0a6ebd10cd3a886d30f9eaa61877fd629d8c187b5c5570b5a4e84ba648f12a8799d63f91d8e81a6ab2c9c6e2c38c1b0d2152332670820c173
