Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-10-2024 17:58

General

  • Target

    4e3bc33d73f4d1b456edd175c4e1992b_JaffaCakes118.exe

  • Size

    3.0MB

  • MD5

    4e3bc33d73f4d1b456edd175c4e1992b

  • SHA1

    48d3fd59564c5352080c2c3799e03581610b1978

  • SHA256

    723ef5c8665cc631c3dc5215aabdb0b379c6c4b0b247a36ddfd4954174024818

  • SHA512

    7690e3b5f1f36d6a01eca0759cc8e94771a1d71b200f89fd19173902c0a5aaef3d261bfda819ca648b6503fa84fd790f42a4a863990b0ee693c81aafba939a74

  • SSDEEP

    12288:gp4pNfz3ymJnJ8QCFkxCaQTOl2GVqyKXe/8JN+K:aEtl9mRda1VIyo9t

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e3bc33d73f4d1b456edd175c4e1992b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4e3bc33d73f4d1b456edd175c4e1992b_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4568
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      PID:768

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.exe

    Filesize

    3.0MB

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    1.0MB

  • F:\$RECYCLE.BIN\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.exe

    Filesize

    3.0MB

  • F:\AUTORUN.INF

    Filesize

    145B

  • F:\AutoRun.exe

    Filesize

    3.0MB
