Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    16/10/2024, 02:51

General

  • Target

    4b1b48638ef3cbc9331c46e3b4e401f9_JaffaCakes118.exe

  • Size

    9.1MB

  • MD5

    4b1b48638ef3cbc9331c46e3b4e401f9

  • SHA1

    006162b01055eec1a290b17e15da5849373ffea0

  • SHA256

    c93330b32987c7050b4755fd051910c9394e1d26e7be43554b2628823753e630

  • SHA512

    2c5cc5c3ef26486bfff200fffbbe5d67bba7ad819c823c1d922ee18ea3d733cabb7248565b4c3cc76e806e67cb421e5cb03b90c1b79d11a67dc1ab910bc3eace

  • SSDEEP

    12288:zMMpXKb0hNGh1kG0HWNAuCsltHlYz5c/tj8sWn85bM3npxYfj63hgD1Zi:zMMpXS0hN0V0HDIHytjsWb3npi63i

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b1b48638ef3cbc9331c46e3b4e401f9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4b1b48638ef3cbc9331c46e3b4e401f9_JaffaCakes118.exe"
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3968
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      PID:784

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.exe

    Filesize

    9.1MB

    MD5

    f4944f836d070b804cf24a4e4cee2784

    SHA1

    43995780e27ed3581b62120bee582263c982144f

    SHA256

    353b01909cbc3ead6910d619036140cc8406c97ebfaa75634a3a5664912206ed

    SHA512

    96a8b2dd0e03279747afe07f81955f747b90bbcd1e1a5584e858efb8e84fcf6e3251fb161f16df9bda44e49be747472f6074d61f9b288575a2335ea7749c69cd

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    71d8923a8e453f2aee888e7a5a09111b

    SHA1

    6aa2fc7946fc431da9fa4354c1e96ced7bbb29a7

    SHA256

    8dc94679dbe8cff4ba39ffd75163b591f48ec80726f83471a0a7804959d1b82f

    SHA512

    0d3db7701bd6570974d269898cbd80ad447f34d87714083f8975520599e191aac770907ccf3f2060494fb1cbfd5847cf215cff2c6251193cff3d6e1716940819

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    9.1MB

    MD5

    82ec1e43b7783d81104525e75301c7e6

    SHA1

    5aaa246a9ad618bfc9fd0ff157d446693a551707

    SHA256

    4537a0ac45f0e102bd56c3b3613c2061a03a46ab8bbdb42aba37e82d90c22f4b

    SHA512

    a849937a1e43aa6acc06c04c264b75da3cb0a33679ef4909d75a1610969aa7a5c481425dd9433c88b8dd9d6c01b1e3a2728d04629b86cc6835cff6ae3b1f1d44

  • F:\$RECYCLE.BIN\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.exe

    Filesize

    9.1MB

    MD5

    19809386f39716f57a597d9cb0da96bb

    SHA1

    3364d4279183b1c750fe198b7970eb4fe500927c

    SHA256

    0d9fb9363e38d31d0608f409fa179afec92f7b72d2032544de823dd5bed6451b

    SHA512

    1b47742bf0940392e6cfda496ed6f81f725ee2a41212c1849b992776e65d644b3690a5dee009d6ca61986c29ab7e3cb3697f65f19ae807356079190067b621c4

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • F:\AutoRun.exe

    Filesize

    9.1MB

    MD5

    4b1b48638ef3cbc9331c46e3b4e401f9

    SHA1

    006162b01055eec1a290b17e15da5849373ffea0

    SHA256

    c93330b32987c7050b4755fd051910c9394e1d26e7be43554b2628823753e630

    SHA512

    2c5cc5c3ef26486bfff200fffbbe5d67bba7ad819c823c1d922ee18ea3d733cabb7248565b4c3cc76e806e67cb421e5cb03b90c1b79d11a67dc1ab910bc3eace

  • memory/784-5-0x00000000021F0000-0x00000000021F1000-memory.dmp

    Filesize

    4KB

  • memory/784-51-0x00000000021F0000-0x00000000021F1000-memory.dmp

    Filesize

    4KB

  • memory/3968-0-0x0000000002310000-0x0000000002311000-memory.dmp

    Filesize

    4KB

  • memory/3968-45-0x0000000002310000-0x0000000002311000-memory.dmp

    Filesize

    4KB