Analysis

  • max time kernel
    145s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/05/2024, 09:57

General

  • Target

    296f056e253c378ff1be1af2b304b8fc_JaffaCakes118.exe

  • Size

    492KB

  • MD5

    296f056e253c378ff1be1af2b304b8fc

  • SHA1

    655f1860efae8d7b0d0c5120e90fc8905f67339b

  • SHA256

    311184ea9b8d4b0eeefa2bbb164a3e3f4dcd8b629981293eb65c2a9bc72ceadc

  • SHA512

    dac7448d3fa6be0e5a0ae5735c327d84cec386c1d2ff337f953c33d28336787a25acdd6375267a820de5bac77d1699c977e61c77c2ea8cf27575cf9a52428cba

  • SSDEEP

    12288:ZMMpXKb0hNGh1kG0HWnAMU866VU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHX:ZMMpXS0hN0V0HoSySGB2uJ2s4otqFCJB

Score
10/10

Signatures

  • Modifies WinLogon for persistence (2 TTPs, 2 IoCs)
  • ASPack v2.12-2.42 (4 IoCs)

    Detects executables packed with ASPack v2.12-2.42

  • Drops startup file (3 IoCs)
  • Executes dropped EXE (1 IoC)
  • Enumerates connected drives (3 TTPs, 46 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file (1 TTP, 3 IoCs)

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory (4 IoCs)
  • Drops file in Program Files directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\296f056e253c378ff1be1af2b304b8fc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\296f056e253c378ff1be1af2b304b8fc_JaffaCakes118.exe"
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4912
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      PID:4568

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe

    Filesize

    493KB

  • C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe

    Filesize

    1.1MB

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    300KB

  • F:\AUTORUN.INF

    Filesize

    145B

  • F:\AutoRun.exe

    Filesize

    492KB

    MD5

    296f056e253c378ff1be1af2b304b8fc

    SHA1

    655f1860efae8d7b0d0c5120e90fc8905f67339b

    SHA256

    311184ea9b8d4b0eeefa2bbb164a3e3f4dcd8b629981293eb65c2a9bc72ceadc

    SHA512

    dac7448d3fa6be0e5a0ae5735c327d84cec386c1d2ff337f953c33d28336787a25acdd6375267a820de5bac77d1699c977e61c77c2ea8cf27575cf9a52428cba
