Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/05/2024, 13:50

General

  • Target

    2a413fc28008906ff64b62daf1ea0ea7_JaffaCakes118.exe

  • Size

    909KB

  • MD5

    2a413fc28008906ff64b62daf1ea0ea7

  • SHA1

    efcf0308d29f9a821b32cb4e538b06a54d59b018

  • SHA256

    3a81dde4b638df30022d899c14177578688b06744f9bfbfc07071d653986e476

  • SHA512

    808a88389e51e3acb333890c5c260946efc99600cc123c142a63c706958444426b07adb5ec40c0443584ed20934df6c9be3e98b190166841758248fa1fb89d4f

  • SSDEEP

    24576:ZMMpXS0hN0V0HSSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0Nw:Kwi0L0qnTv

Score
10/10

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a413fc28008906ff64b62daf1ea0ea7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2a413fc28008906ff64b62daf1ea0ea7_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4540
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:2528

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.exe

    Filesize

    909KB

    MD5

    058c009001afc5cb343a50530cef3dd5

    SHA1

    1dea7e656c25315a9fae52c70296574c749ab21b

    SHA256

    4dfed769b4fa4a2233d6f1092cb4dd3baf5f780b1d5595d465b84a75bc8f0aed

    SHA512

    94eebeed40b33eee051d86db75c0ab660c847506aecd9db4fd24ac2ebc2d4c3d6de0813736ee2aac135c29655781c8c5a44cf0109f211dc6bb24d2dbc64c5a99

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    a9384e82d945275d3fc26ab20e2c2c82

    SHA1

    413e041a7798dfca3ea56a4ad679eda7f44d922e

    SHA256

    c77847e71db98461cef1299167a309f5df21851d2eec2cb1001e146151ff68b2

    SHA512

    b64df78b0e83fa733e5514ce864627146a142c20a1ec592215bc31896047b5b25ff43a505b4beb43c2001f148b4753fe287b9e56fa252a6210abaf4c83a41e3a

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    750KB

    MD5

    0f4a11370c4bf46df2397042d445f84c

    SHA1

    b617773bc05ce671b21713028e77981d1c69601e

    SHA256

    4e4c9a72d72e1b9b6245c86e6cfa1d87547e186ffbc4e6c554262344baa1727d

    SHA512

    43f0f254ce46b7e26202c8cc484977b70ba44b03ca495ae22fe371862d03bb8262a6af9893e734150792e5a62f7411d058ec765605d7cc5c9d4ca2f571f2c102

  • F:\$RECYCLE.BIN\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.exe

    Filesize

    909KB

    MD5

    7cc3ee9f96aaf1919b72fe1dc98a59e7

    SHA1

    f0b8d56111d815ee18fc494a7ce5c06006c4dd80

    SHA256

    3a2803b9c78b610e570249e3bdec18ab75595b2a054c56d2a95c69b7cb4c97ef

    SHA512

    cbfb9936e2a3faaa2d9ae2a3792b3519c85c93888ebcb0240024da0b7d7f1867dfb083bed5561d4b76a25f57d54a40da0e7e4c067e89fe0de5264654630e6ee1

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • F:\AutoRun.exe

    Filesize

    909KB

    MD5

    2a413fc28008906ff64b62daf1ea0ea7

    SHA1

    efcf0308d29f9a821b32cb4e538b06a54d59b018

    SHA256

    3a81dde4b638df30022d899c14177578688b06744f9bfbfc07071d653986e476

    SHA512

    808a88389e51e3acb333890c5c260946efc99600cc123c142a63c706958444426b07adb5ec40c0443584ed20934df6c9be3e98b190166841758248fa1fb89d4f
