Analysis

  • max time kernel
    145s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    17-06-2024 06:32

General

  • Target

    b7375630562dd579a90c2ca6ea03be9a_JaffaCakes118.exe

  • Size

    920KB

  • MD5

    b7375630562dd579a90c2ca6ea03be9a

  • SHA1

    50519b84f1480c45acd4a7678a330300f8c8c874

  • SHA256

    cbd66f0dc71d341a26f907f13876c6d58fa4c8ea027ac94ac36e386b92230ea0

  • SHA512

    b0bece7b89e5912382140dd811385d3d63f8d7bace722918328eead5ef93b00719e543a798785b05808cd1d5463f4d1c353523493f021107babcaef9d0f872a2

  • SSDEEP

    24576:KEtl9mRda1ISGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvp:BEs1lP

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7375630562dd579a90c2ca6ea03be9a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b7375630562dd579a90c2ca6ea03be9a_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:32

Network

MITRE ATT&CK Enterprise v15

Downloads
