Analysis

  • max time kernel
    149s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    18-10-2024 02:05

General

  • Target

    54e2398991a9cddc07f7f06a872f1d63_JaffaCakes118.exe

  • Size

    11.3MB

  • MD5

    54e2398991a9cddc07f7f06a872f1d63

  • SHA1

    9986f150239e30469866d4509a6dcae397371e18

  • SHA256

    f7abf97c66dde0d10eb7d8a90c2286ca4e03f78204fba4a3d7fa405ad21e434d

  • SHA512

    e6dc4190747a0686a43113caa83ade2c6e651fc97981eabba961a0ec189b5daa22827bafb7dcf8ee11437267a8b141393f18355fd401e67e062bf004f18f505d

  • SSDEEP

    98304:Ji0tTIMzKpXOMGQzIMzKpXOMGQkIMzKpXOMGQ:801I2lyzI2lykI2ly

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54e2398991a9cddc07f7f06a872f1d63_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\54e2398991a9cddc07f7f06a872f1d63_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4940
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      PID:3580

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.exe

    Filesize

    11.3MB

    MD5

    fdc20914c265f91987d68da32632104f

    SHA1

    7b12dad0d6bc34c188545fdcba9b4d6356ebf49d

    SHA256

    6fd1442382e3e91982ccb5bc0708b9b3b698e05bce9a5821dbb127be855791f3

    SHA512

    4506776f986f61340c2339e14ad99b92b1429c38fa872dc569ae362d3c67b7c6640ed0ca8b79cb1b5e38892b8281e4e312a774312816f05fc3cada856c754bdc

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    49881b748eb233c3c474793261d4e608

    SHA1

    1c49604d129882b61d558d7f0d77d0227b123bdb

    SHA256

    723ad3435f0f92cee76b8d5918828eac2afaef1b40b7b90eb258db8c7b5b6ab0

    SHA512

    27c9d8d6e4e6b59fad9c5ee9a262be345cdda0a00e050c89f6662e0c0f4e8fbc922e9c50ad395ca0c1d71144706b1df00a7a9e1b1b0710a9e869e9c008cc2808

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    11.3MB

    MD5

    9bfcd5028a56d25466b9e4afe728f817

    SHA1

    a0c9cbc15ec132f85dc7a8eec9315392ed8f5ab5

    SHA256

    0bda3d8488c209fc0b2dc88fb462017e19d553ccf11d6af9919b90f205d63104

    SHA512

    a092ab85fb38b8930f37ad15192fa1c7887935df60e9865432f867c3f0ba0cfefc04fd9cca5a8d01c4c57c877566e28dbdf2f4e54e31917a378ac2a7a722bec5

  • F:\$RECYCLE.BIN\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.exe

    Filesize

    11.3MB

    MD5

    5e3295fc863723f28bdf695baf1b2179

    SHA1

    b0cb3330004775ad98efb417b3f4333117bb462f

    SHA256

    6d29ff3c3be680e13fc487f9eb991aa74350f52efd0883db0d5e1f5ba59dfbcb

    SHA512

    9db51ac7585f65788e11bb46dd1f48ed533cdad49f0c727ad5588b69b9cdc84720d0efaf7b51936d855d4a759e339e9d0d9c133692818987a962c429b80df919

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • F:\AutoRun.exe

    Filesize

    11.3MB

    MD5

    54e2398991a9cddc07f7f06a872f1d63

    SHA1

    9986f150239e30469866d4509a6dcae397371e18

    SHA256

    f7abf97c66dde0d10eb7d8a90c2286ca4e03f78204fba4a3d7fa405ad21e434d

    SHA512

    e6dc4190747a0686a43113caa83ade2c6e651fc97981eabba961a0ec189b5daa22827bafb7dcf8ee11437267a8b141393f18355fd401e67e062bf004f18f505d

  • memory/3580-5-0x0000000000630000-0x0000000000631000-memory.dmp

    Filesize

    4KB

  • memory/3580-52-0x0000000000630000-0x0000000000631000-memory.dmp

    Filesize

    4KB

  • memory/4940-0-0x0000000002210000-0x0000000002211000-memory.dmp

    Filesize

    4KB

  • memory/4940-45-0x0000000002210000-0x0000000002211000-memory.dmp

    Filesize

    4KB