Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    17-06-2024 07:27

General

  • Target

    b7627865ebb11f7512bf13d1aa0deab6_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    b7627865ebb11f7512bf13d1aa0deab6

  • SHA1

    a7ed0db06d85193426dceb71ce7d38988f39420b

  • SHA256

    c68f09f188aeb65d6001571f7882009084ce27ef915b154f781635378b6d0b40

  • SHA512

    fb6d7553dd4a63eaaf3a4fe27f35f8207988b6c5ebdcaa6c8d0135139c3136306c2921d8e237ab0a0710d9d06a31b1880767e8af7ebc7fb401601f4ce5e3edf0

  • SSDEEP

    24576:TEtl9mRda1cSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvU:oEs1hi

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence (2 TTPs, 2 IoCs)
  • Drops startup file (3 IoCs)
  • Executes dropped EXE (1 IoCs)
  • Enumerates connected drives (3 TTPs, 46 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file (1 TTPs, 3 IoCs)

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory (2 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7627865ebb11f7512bf13d1aa0deab6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b7627865ebb11f7512bf13d1aa0deab6_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4016
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:3520

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe

    Filesize

    1.3MB

    MD5

    0ec4bccdec473c8268366b00f5100930

    SHA1

    404c55df892e8824398b40e296b1ee3ebad81a90

    SHA256

    74da8479b9893ca0c1700f50c07122a9a9c40773241e05a35081b144156b0f65

    SHA512

    f687894231545d97d06100b9823bd4875c7c3d377b7daae76cdd3cbc277e2cbd0f9141a34216f51e49b3536c8ac75874b1bfd768e20fa2e8c9a3bc1172bf7acc

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1023B

    MD5

    20bbf2d432ec1631efe337bce82e6963

    SHA1

    032402d486906fe57cc2c61b4a37b6fa82e99e9d

    SHA256

    a52aa45fdffd802282519c7b3f120d8bd455fa39b3bcff052a5f9319d3a0f741

    SHA512

    78b1920c097e78f4295d4c4962d0fbe6c844e8236c5c88fdecccd5f7081a5e35678112bfe39a97cd5f7af162185198af509bc06b97c7c8dfd88fe6458208f9af

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    1.3MB

    MD5

    dc07e9ab8f299d656ccb86184b1acfb5

    SHA1

    32c24fb13f1e60d6d2a60fb19fb1ff9477244040

    SHA256

    c16108b15e11821eafdaedfd28c9d5f3f612b656e0a1b9e2e3b10c4f5932a6a3

    SHA512

    4d74294f50a378641e8e8e50413eacb3b54123838be2f4283c91f5db15c1d899fe1899c7afed1c1d8cb6c9cb332bb92dc3b42fd2bfac362b6692bac11181d0e4

  • F:\$RECYCLE.BIN\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe

    Filesize

    1.3MB

    MD5

    6b7fe1d98979aab8fea6df118b1c9d60

    SHA1

    c7aaa13ef5d4e304876da536df1198a9c6beee37

    SHA256

    bad3d23d84bd7f20e5562a0f1b0ed6730cc970e896f18ab16ef74878fd68a6ee

    SHA512

    e93419dc614bb8972d822de39b5b1e91e5336494dbcaa46fd770e774b1757732ce889158b43c9e0b158bbcb14829d88cb5af1af125685366d3f90868efe5b58c

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • F:\AutoRun.exe

    Filesize

    1.3MB

    MD5

    b7627865ebb11f7512bf13d1aa0deab6

    SHA1

    a7ed0db06d85193426dceb71ce7d38988f39420b

    SHA256

    c68f09f188aeb65d6001571f7882009084ce27ef915b154f781635378b6d0b40

    SHA512

    fb6d7553dd4a63eaaf3a4fe27f35f8207988b6c5ebdcaa6c8d0135139c3136306c2921d8e237ab0a0710d9d06a31b1880767e8af7ebc7fb401601f4ce5e3edf0
