Analysis

  • max time kernel
    145s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/05/2024, 06:43

General

  • Target

    28c423a0fa0a5094ff5f7054ef3b0ed2_JaffaCakes118.exe

  • Size

    783KB

  • MD5

    28c423a0fa0a5094ff5f7054ef3b0ed2

  • SHA1

    a9ad4e7f3da9004b98dcd264d444c07eb58a3067

  • SHA256

    7e862226f685439f0e33ebfd42a08e3f68298fd3ca4a29006be3401a09737124

  • SHA512

    bacebef1231ffd1db387995935c9ef86894c61cea37e87743bcbab2553edb4f0b578941e2cc0a32bbfd9ff391212720b370b59e1438bfa04dd26c096c161af10

  • SSDEEP

    24576:ZMMpXS0hN0V0HoSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NP:Kwi0L0qlJ8Z

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28c423a0fa0a5094ff5f7054ef3b0ed2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\28c423a0fa0a5094ff5f7054ef3b0ed2_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:4204

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe

    Filesize

    784KB


  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1023B


  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    782KB


  • F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe

    Filesize

    784KB


  • F:\AUTORUN.INF

    Filesize

    145B


  • F:\AutoRun.exe

    Filesize

    783KB
