Analysis

  • max time kernel
    145s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-06-2024 04:20

General

  • Target

    b6b8b4a3bc16c2f4b558ed1e4516c944_JaffaCakes118.exe

  • Size

    958KB

  • MD5

    b6b8b4a3bc16c2f4b558ed1e4516c944

  • SHA1

    9952e8cc06cc8509fa9b2b0d2708c46a7dcb5aa8

  • SHA256

    8741ccbf5c4054699732d5414e86346a851aeecf954900a1c9bf614f11af4230

  • SHA512

    0344cdf8cd666595a7fb16dee0bbf6dd80fd3e849d0bffaaa67b0ae43013598f920a1bd6916f05b56d07ab5a178c33606b488d03f91a3a611609bdf627a5d49b

  • SSDEEP

    24576:TEtl9mRda1cSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvT:oEs1hV

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6b8b4a3bc16c2f4b558ed1e4516c944_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b6b8b4a3bc16c2f4b558ed1e4516c944_JaffaCakes118.exe"
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:4772

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe

    Filesize

    959KB

    MD5

    293ffa627ebd6227198a0510e773aa53

    SHA1

    dd0a202089965471392de5fa7e2868d04895f2bb

    SHA256

    6e88620daa7dfaf95852ecc3291970b4f2ba405000c12241fb2d422cb0101a71

    SHA512

    95174f532adc53eeebc69527eddc1804d14a1bbc4a4e152fb049ddfc743865b3f77e29fcbbc0108f7a81bee2dcbdfc98d5bbf9fb07b19ac44ec843c4776fc2eb

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1023B

    MD5

    c6eb19fecc4b7d988cea7b93d4a9d1dd

    SHA1

    c1bc0b26d51755ba744dfbef005c1f6bcedcc9d1

    SHA256

    aaf4040791edc5281bacf53b2d4f1ca013c197bcd4a8cf16d173c0b57621978e

    SHA512

    e94320290a120ad7b9afee4085a5826c8fb123b5abefebd1bcf74b4b881a8c195dd02f54866813d5ef7ba1a0dfd2fe451ed235a6d3dc353d76289a44fa73a89a

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    957KB

    MD5

    129dfca94187120f825c592892e52f6c

    SHA1

    8dff7e86e0d128c2339f7dbdedab8f5609e34dab

    SHA256

    78f41d1ba212c04adfcf990c352036dc5f46a27779236b85d85c54b4398d6ce5

    SHA512

    b5db05cde57313476eaa21bd7876120db643d5866ab7c83d9b1c19a416c77e27451da318960a533a7874ac18128323e8b22bd8cb31d5be0de1c10319f32c0d82

  • F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe

    Filesize

    959KB

    MD5

    e3b1adb985d735d8ad0115a15e68cf77

    SHA1

    9de33da2c520daf65693e5c1cf550de43f2a7c5f

    SHA256

    01005ab1553c2a10d69aa7e11434dd244e228692a2697a8ff1efa8cff135c4bc

    SHA512

    8a9d36a4ce0126fb6839260dd8be4128d9ba76e763bdf1ea06daeaf5e10b9fc10febd2620f4bad3fa389d53a2042915abb0aee17f6a2ff0e1b8219ecbc5f298e

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • F:\AutoRun.exe

    Filesize

    958KB

    MD5

    b6b8b4a3bc16c2f4b558ed1e4516c944

    SHA1

    9952e8cc06cc8509fa9b2b0d2708c46a7dcb5aa8

    SHA256

    8741ccbf5c4054699732d5414e86346a851aeecf954900a1c9bf614f11af4230

    SHA512

    0344cdf8cd666595a7fb16dee0bbf6dd80fd3e849d0bffaaa67b0ae43013598f920a1bd6916f05b56d07ab5a178c33606b488d03f91a3a611609bdf627a5d49b
