Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/10/2024, 22:43

General

  • Target

    64713b6d231e03e1321e8afd9ef7cddc_JaffaCakes118.exe

  • Size

    6.2MB

  • MD5

    64713b6d231e03e1321e8afd9ef7cddc

  • SHA1

    80999778729814821415559fa3bf4a0b06211750

  • SHA256

    3a838d77489e2e60c77d1bf82a0d7a82a02ed1ba9c1bf1441cbe8c64eb348de5

  • SHA512

    c0f4cc345744b4031e154cc739cbf007cab4f5648b199d0bbc1bc39a8ecd6a0126ab795ce14cbcb950ca6dafc68ab11559e10fe194b29375c5b4a13e100bb2c1

  • SSDEEP

    24576:TEtl9mRda1XySGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJs:oEs1Xne

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64713b6d231e03e1321e8afd9ef7cddc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\64713b6d231e03e1321e8afd9ef7cddc_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      PID:2608

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.exe

    Filesize

    6.2MB

    MD5

    4adaf60a91e3147e2f5e4c151532c723

    SHA1

    60fd706c041e6a21ab9dee1638c738a13b474300

    SHA256

    d3ddd09360e6040bd55ab98b099b5ead7babf94f6ec3b704b842bd90b7099e7e

    SHA512

    e98e01451eeef8c62d8cce69aa802dfe344675d975138a1339e696df1dd03c392fb900f426424f2ad5dccbe5a071797ced482fb9bbc3dc6f3b4dcfd65bb77c3d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    7e51adb8f7c72a5adfae3e339c0e7083

    SHA1

    fd64cfce70c15f7929bfeccb36a6b5d707e1adfb

    SHA256

    ba2febd562063ed2fd3a744982de433d850ccd91ae39d9ec8431de036acde910

    SHA512

    15b7d75ce6d0b23985f5ddfcaeb4770aa8b8eb919d479b55e37fcad66cbd34b24d71fed89260475a1be3b290d05f658208e702a10debf5a3f60dc4bfcf389d95

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    346ca55740f39e6369fa7e5a3097a962

    SHA1

    62bc199e04d41ab73a93d7667e3a8669ff5c238d

    SHA256

    d63f78e2ec7701b69041619f3615b2e79d771940e395b8ba08cadac106daec55

    SHA512

    3b75acfbe9191a224cdfd7df595eade6a5937db82b2f951b52ec7bd4ca1a7ef16cb91b05d8ffc16694b555e2ff64466fe3ac973491af0f79f6962afe2eb1e56a

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    cd1fe97dc43255379579cc4462b09000

    SHA1

    81f0809e90c8572ee37d603e96b76fb5e241d54f

    SHA256

    32f00cd41ebdf27047ca75a6a56da752cb57b5dfabdeb6f1d6fbe8fd19e0ec1b

    SHA512

    ab6359313f81dc8e094ef6478e4626235fa66e1afdaf7dd632a7faf264142e9f3cc85432b122b266286dad8461a45dd8c7085e8cfa029bad321deefe4ba63f44

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    1207158143df6ea1063a20bfd69e5ad1

    SHA1

    91a8b605aacd9d6c05aae9fed99ee75e938b25e9

    SHA256

    8e6d54148e547cb5566bb199f4b6849ffa997c7b079fce88aebb9ae1d13c0d5f

    SHA512

    52a1bbafd5d4d2ca1681c11b93cc78ac0bf27ee0f90af0eaee7ef5c9a32a748e49c201915ef91b3ca3b5ba26714acd2e2b0e754ceb5b33d820aaac75201b04a8

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    875b4ec115be492da620d34d6a364900

    SHA1

    c7f87f75f98d04cc61a2975d176183318b4732de

    SHA256

    f3ba9e0706361ada542e0d388beee6ea1d89d2565bdf0c75dad8a6ec2e91a6dc

    SHA512

    0e5131fef6fbebd0152c91d8edfd238da13a3e3ba7e8fadd3668bbaee31306f6d9e6bf88aa3094077e4ecf7470c8a5804e9bf8ae5408bd40a0d53d761a544b45

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    4833d1f79e671ad99c6046ed3dfca9f1

    SHA1

    5428f21b940105e9636a5f1fbe828ebba2355146

    SHA256

    9981e1ce427e40c1b79dc9c3fbeea94d64a780b86fc34a2bbbf495ad6b51cadf

    SHA512

    12f4a38bc8beb88f8dea225a842c62a48b2d7b910c604bd9270da99570ef9589d4f854fad2c11c696b8df3a4a43efdd7e2d01dbee6b62bd0c0df12fb4e6a768e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    3599e4f5932904d4e515bb991e38461c

    SHA1

    b20aee8c4dcf703d9b6d7c1d6b3c612cd5d320fd

    SHA256

    b8bc44d766ca5aee15f563f63e524c780ba0d7d2249d96bae8b1b66060619b03

    SHA512

    c46fa1c932c0c90deef0010c9e98f83b9458356bc0d4d08ff8db10a3bfbbdd18a089dd29d05a8798e5f1e82dbe2a6bb9eb903e8f4590a5a695dd4c2f4db12f84

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    63d88570b78ae661eadb73586e25a225

    SHA1

    cd41be26c930473e9abda92f0ce689e7db6e4917

    SHA256

    74156d2d19c1043ee4a8fed9a48891e995179f8e3a1c5195f12606724a0e1650

    SHA512

    de5625cd92680e18b0bedbe183b5eed71a849e2d491fe4e5e1caf5984853ed3f5974f3773faf14a0aa4df4c588112056969f8ba0b44f7ed4579066e59f1a5aa0

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    ddb80a288bd6dafa60ae936af7460ddb

    SHA1

    d87f817258f273f8b830e82725f1feef54211f89

    SHA256

    9b3e72ad73ac0bf5470fd00726d8ef7d14cf82a3e3cd461ad7c24fb7f416dd2d

    SHA512

    ef63c1fe37c43bf271ded89ffa2f607115f3a495e2d5aff7acdf3608fba539317b0938689ae22064749cee51388b45804b6823d03c190657f647ac1e96d39b7d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    2a03af24140c76e2646888c142d2b8c5

    SHA1

    5813f64e79cecb95403290e4ed40464851680f16

    SHA256

    012966f0f5b218907872cacf335b0404dfe240555aa65ba59cc9a6ffd29fc1b4

    SHA512

    7e937324c827fd13d1a23c83178fd9718f91bac9aa2d8d6ecb5a76c20af748e5201e925573734915f58c0ca1432a800f3bb6e5209f0474cd90922e0b5b89c130

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    528c1aad8857fda9896596de156df7e9

    SHA1

    e29faadc5c051b31b1b6fe59a4ca0359592520d6

    SHA256

    1abab871090686438e0d4e241369bfd7e065d27ed54c610fe60c412655a69c3e

    SHA512

    62ce22145ac4eacb32c1cb092102041fea46844e21bd04c44360133efa4338d42543b889ceba1604b062bcf88a1ffe50c650f219613d8bc07b6cdb5b487a5779

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    d6bb300f737b617a79337f999164fb8f

    SHA1

    8b3064671efacc7d1be614fec1bd6644a5a72516

    SHA256

    22409c89f909a7a9494e7affe1aaf0e2e6c9d73adb5bc56a5296ab7cc731e390

    SHA512

    bc1a5a1e0e720275909215c82c4770e50f3f6ddb6280287683f688e4a5eedfb0da9ffdad338f7f346a9a1c59dc8dc4c106323d1536331ddffa8cb4d785aa111c

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    f95d116fc3b47f5a37e226d0365b7dde

    SHA1

    111800a20badc31950eab77388b7991b06269196

    SHA256

    97b824db475dbbe67eef968d4e7db94d456f96690fcc9bd047e4664f8dd2a702

    SHA512

    27354e9cfcfe4c4e69eda02031a748fb75bd3e4ac298a41a1250d6e3a8fdd54185edeaeb985c80dd3b4300c87bda9675e51e57eb708417e9bcfce50b914f8bcf

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    7421953d599137100edb3bbb0041979b

    SHA1

    6c4394b17f179a7b1763565832d8b3d05247df00

    SHA256

    16e4d0345adbf37d41e3d6c379aa8d49695bb73e0d0f29a5f4df316ea367a519

    SHA512

    4383f79f85f2746599499bb5014930df6403adf22b120fd5e962242c244d528fecf1e0a406ef003676e9bcc9afe7df0254624d99ceeca8c16e12e73f57fd18c0

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    1cc66d9a36e1b28902e94201b9d84423

    SHA1

    8c0e081619533b4b420574ac8f9328567071cfd9

    SHA256

    dc886326ae277704beda76436ac86c2aba6bd1b2631919203297266825f1ccc0

    SHA512

    7f37ecddf143cbb22e515b41f423fd054d06686144589d77e859a6d997804fd160b9b8a1e96ff2c70eb254325d81a7c0de8e8eda2e0cc9e18acb541a3cbebb67

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    fd01764c1d5abe2ea7a097b34e45c74c

    SHA1

    c729c3fe7c0ec496207f043d08ac4728e3ebf876

    SHA256

    703cd2c7630bdc5df3d37e06880122bdba48323aca3e91af2d1cabd417ce65c9

    SHA512

    0f29c72f76b532eedcc72b47ffdb2c3c3dfad7e768a7ed5e4a2068600d1927a556e40d960af4912de31e3528526be183697c7a342136cca6cc389e8522a56a99

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    2e6a424727828a3364ffff33de17427e

    SHA1

    fafb555c81b37b606fe954478872a1fcc32f923b

    SHA256

    42b261880b052c230a54b626e3a6856249a16fe6aafba41f3afb5c626453e344

    SHA512

    c6a969ffa4c24043ea47e71d11ed3c72fd41169a5361521af723ccf80c3865501bb792e184c53f5e0a41eca6a827bb811b6fee7eb8113c6c40f76deba4e7cc92

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    cf07d816db09533e1d37021856cc8b93

    SHA1

    8c5b3132736cfb6360f5b1a540585fd91880816e

    SHA256

    e3347c6f7171a7481b2c369545741bdb1206720d2c7c3d37d82ccb4ee4619dd4

    SHA512

    ab6bc076d68b21a98751d8b92bee3c2995d1152d053e914ec3b26f71be635318a3dd52f482e6e96d376ce47cb4333b542f9fa26f309fd5a2e9e050b7910a80e2

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    8564bd882ce0aa4d131f1dd1ebf8401b

    SHA1

    26b5aa56d0e291226c321940956189887fe53960

    SHA256

    06f99d3d57fa0874e263b0964813365f50a406be7730b763c18faaf6da864934

    SHA512

    7380ee6ff3a2b8dc9eb1344453d1e4c277051f9e40a122950446954c2f7083f076b660d75ca6a1cdea0bd29e8ddcd29c7833f2673076b07650b3b039fbe85b86

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    c4da073ce88b1d3403c0f88e6d15557f

    SHA1

    9255c2d8a14f14d8af13defa3c6bf49d7a8d2639

    SHA256

    fa5fb973c72642661ad3165bbe1bbc01c5ade0ef7b8b4ed659424cd2595c27fc

    SHA512

    91f82681a08a4ad67f1227c1f54958e5edca1e1b0d98da0e86eccd4a8105d8d78b9708e49bef6894b03f8eefe586e1bb8a42816161abafdc75a4129ad8e646fd

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    3a46b08ccac4441445c9b761dc24af3f

    SHA1

    9feb74316321ce3e25963324134474ba739b1520

    SHA256

    1abfb6cac10f70e25cf2efe6152b2e25ca40c5293d9b6f9ea7551f5baaac993f

    SHA512

    157cd3f037a33aec9bd310b8284e476f64ddf36eb7a47f0b2276eba8c4ace3dbcca495b78334fb50d96ae0110ca73dc68b0385985f773f04544e0d1541c5c507

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    a0db81ffd7bacb1eacbec065e1925c83

    SHA1

    d0d283d47a2fb55a0db522e87293d04257025ab6

    SHA256

    6ea3c0228610a9a1ad061b5308a2fcc517a45615c55e6c0d86dbb2ed492d579d

    SHA512

    9b7b6a688b77b74c12e583ab59af028b0ce9501befacc244aa84067f67a1a98958c46ee4222e86f1780d632dc012c4a5811513df43d3f956e3f232f7cbf726dd

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    0e9a5d48e4c44c0456ed378258e9e4c5

    SHA1

    3c64d07fcc91ea9e9631a3034ccd7f20859684e0

    SHA256

    a615cdd19591f6d5df8a0e40a0a1a31aeb9f39c1cb52bd146b9ad6a56d90acc5

    SHA512

    c7ee97d681089cfdd8eff61fc39744d31b8daa66ec24743516d2f37da537f66e608bb992074617fafea94e602c1c4c5dfe1a8e85e64d1561441a7a431c2570af

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    072247dcd350af490a240e3d940dddf9

    SHA1

    46695560db054c382c87b5ed5d43e66d744bb529

    SHA256

    3a4cc0e23c2ca905cd511e57e59fd1404de049d8c8280acb134102d540ec6d11

    SHA512

    13a0de3da382f0ba18273922aa197534e36e1348ae987cef6a94509bb247d9f1477f64d7c0d35cda3ec514ff2e6e7b2461ad4eeabfd41fd6b663b302024af3b6

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    3777f353de66b1be0fe6e24bcb1b594a

    SHA1

    8569d2c6ef76026797040c917f7a93f06313e6c8

    SHA256

    8fbb858e2c3cceff57ce7452578f56c5ae7f856e16047cda11070b28f664624e

    SHA512

    6f040b45c98f4750a7dea2351beca04b43b3b6d0cf68821a95b10a2ea40a0f98273dd3ba1ac8f2990f4fa2e71f3d7c37bfc3c715fad689a45ea72a1c703df236

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    c8f39b4415355e202bf7834254bbcd2d

    SHA1

    1aa4ea4300af0c709ad265dba1f3cfca6140a4e6

    SHA256

    0aaf734191c1ad000fb72b598223bc01cc9278609eeaf486aea075d733484341

    SHA512

    979c4d8c8863e576f3c6e1a62fba360842452b4ac18f6073e1356c2589aa494595d9efa7137899f199ca4a08c8b273361215bfdac450ee96c8e9416797938df4

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    b02f2148b95e65f63ee1633d15d187d4

    SHA1

    bd55938e58c599a6c09041e31aaadb398e2e97ff

    SHA256

    d0a4ec748f08632bc8e99b82e6382f877ce14f80f9e81a93a13e2cdd560604af

    SHA512

    c3889f6bb7d7c4fa349715a4acf7cec244eb158c4868a42c8fd10756087ab5e5ffa57d5280b3ead88de060aac8e79f8cb938dd038ae4361333696190a22ee401

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    b10d3bbd94e1a734e1abeaf0650e56e6

    SHA1

    4096b82acb66326ee62704f08ab7d56e34373aaf

    SHA256

    f6c2d64e2c4d2faa524f64f7ade0db66374b87bbab6eae5ef83ea9c012bd1865

    SHA512

    e816056b9894d024a2af042011798d99a0db28925b52a62508c3e6cfe5ceb0b83f329908e7c5ffb9209be3c543ca9947f31f1d405ed43dfe48237c4e39d59bc0

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    7c9e6b04bc98d12baef0f217ee3cb17b

    SHA1

    78590ee4624753723ac4f52b870e63c2c82459ef

    SHA256

    7809d41c645ff322876df3d9ef8779288f3112419f4f572fa0101fb57d3a02f7

    SHA512

    8d7306a9fc4593b4e87bdf5eb71814be0c2dafbc2e3cd933482975c23825d8796e017f38448f8eaf09289a87744fe967e109fb49c781fe67d5dca43672abba7e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    ed7b69ce5b8f6fd4344fcc4dda610af7

    SHA1

    71b46510b2cd578ccfd39e5b5bf5415ec07b2570

    SHA256

    504036f5ba868cb9d6bd0a2b007ea43c139a25e13765418e08cbe20a75380fda

    SHA512

    1316c74d3ca135272439d0d9e4f26ba18a456ac1d21385dd869634677937147e84be9b279f6f3fb11b5ac80dff3b99574b22b566d0e3a80b2afe855f320713b2

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    55fdb49e71ddde2d57131c0b7836e355

    SHA1

    b2a5b2faaff6950bfcf3a3dd4aef5b479a73e6ec

    SHA256

    42a1a832d645cf207551b3c1dc2571b377b7975188a5e31af6d8b6eee5b38734

    SHA512

    54507b64932fca4dc2c33e375cf053114527b08f48d758bc515128961b028ea61f8671f0e76457df39cdf707c3a17a9211723276d2900df7141020b51d728584

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    ca093565c1c855b282b2b515fca33f99

    SHA1

    6b1039321559a6f57cb2f6fa85f5ac5d5d062137

    SHA256

    f1c6b80cb74c2379a8b76ff5f5103cabc5ebdb91514abe5e795e228bb0c95af6

    SHA512

    6d3ca040eaa6cb80e6d4cf3e96ef7d9830dfed9a0bcd18526652f932d0d786b268dad8feaf8680c0325e9402d38c7cc9087d88ff843136d27d0daa77a79384fb

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    fa117a4ce088810e3b7fa2f306cdf35d

    SHA1

    24b56029935e46a3d8b4690481f79790ac130947

    SHA256

    75fd758b4ad7805224505f5ad33ac037916f1b607123e7104c926136424e77c6

    SHA512

    89a6cccd9074f39b32b18646d4234bf5761b1b7d0c60c61a95008fa383aa747cb8d203872afbb03f5748ed0dd3acc5f3784c412a8071d680cc9b8dad3b0f251f

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    69c52aa952db586c65fcb3b742b1dace

    SHA1

    2c980ba41dd103e5959173b6d7b650a781447399

    SHA256

    886ef3b1988ad917a689a83095c3e8d0c112232a01e30f91016c50effb523327

    SHA512

    571f046497e9133c8c39e5f3eccc5f0cbe86bf2c5d28112ba98fc18619eec9e0d574a5cab6201ad537cb73582f7df87c1f9450ab49ea3e212831d8f91762a868

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    ceba25c46c1ec3526004acc4cdc01d59

    SHA1

    5ad703b0d27043d7e3379f6075339127bc8ccb5f

    SHA256

    1fe6ef9fe632c4df45bbc52a2d6e5d3542efb62fd46cc5facaecb264ba10aab7

    SHA512

    38fbdb107067a9eff843264d77f19a0a1b413af8edf54809f097ab15957f3db3590ac57e5b531138cfd3cc09241af728d43ee628eb94af1ed216ed3f582c1a65

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    c9c9aee795736f49ef5af6cd285e7e78

    SHA1

    f8e1bd78b1afbcb3b2c0cd31654e44972fccde09

    SHA256

    79dfff15a5ebec5ee7b3e5599e84b0a53ddf72dfe1af89ecf556d92c28b4d09a

    SHA512

    42076bcb245196fcb4bde89e4dd02b286ee80db1dd0aec35bb31b20e9a202d523f9b187111a2fa4b990d68611275fd647bff90df0afcc207255b84898f8e4a1b

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    187e0b0260c8ecd8cd1a91d5b5bcb559

    SHA1

    213f855da2c6ea0a41280d37b25eba13adcdc8d4

    SHA256

    cb4341e8a9a2bdac17e1e766d3fd16ec7bcfabe19c9c7726e310049fad0f2da5

    SHA512

    881581ab067328ee42c7e80b6c52a0451607ef10f2a99ebaad5aa9582ab5005e4868536f33e211691d1e3498eb9c97d84d357392537c830258a84665c60841db

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    29950bb1791757fe58bc82c82dd24be2

    SHA1

    41394227effe10df1859425e4ba3643e1941e1e1

    SHA256

    1ecfc825e92d5add1d66a5e0f5569175a32e242eabfc8601abff01137252d68b

    SHA512

    32fcdeb8156eebac0680a270de8f0a17cedd33e9a9e2d88379f01adfa69195522a489bf8fb0138c1509fd1337df311e277f25e5bd55c19107bd15bdea16348a2

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    8a8e35ac2b217289e1ab1af15d7d9634

    SHA1

    6cbdf78bf2201445cbd57cc14ed151caae8ec5f2

    SHA256

    587063d43ce3642bb11e6038751e1aba1a0f882e2209da251bdb3ec0b3c87f6b

    SHA512

    0fe98fe958dbbe166ac28ce4ce6b68ccfe3c8bef544f5ebe59272dbe80b991608399fc2bbb3d4a7b9e415ec9a0992a408feb7a12ef1d01571d4e064e1f37368f

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    1292de7c2ae7bca1edb075f4f25f70eb

    SHA1

    375058835523b12e4e40b57673cd1471c4e367e4

    SHA256

    86cffe2f542942b5f4bb7b0913911e529f3ad475a2ebb8228b63b8bf1797422d

    SHA512

    d6e37754dfce282f70584e821e44900481329fccc53e024bc0b0423ee13b3491eec6d2d8e743d78ae3e4eacb9ed8f8921608b7ed79eb2cd0f15102cc57cdfe1b

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    bc976a76739e2cf281c642c86fbaf760

    SHA1

    7a7fe91cee1989ece87271cd4bc03cccce08484b

    SHA256

    d4744fd27942c62857aeb4e15176a7cf4413009c4f8b0219deb1c95638e461e6

    SHA512

    2a5528ea11cbf5d09404b28655a0ce0b67bb9d8bda4258d1009719ccd40fa26b9c4f248ec8d8c5e976f3f757733872baf9c06e2ec0035ba3d1e36fc51711f848

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    fbcebbe4ac2b3597a28ba3fec909ecba

    SHA1

    16b3f2a6a0cd7d75fc2d8e729085f13988f4d18d

    SHA256

    dc29f57e3f1ffa0d54ab2ae952ae21588e2b7128f1ab6b27a4450291841c84bb

    SHA512

    9cc80b05c319ed9bc08d22df07e35ac870ef1516b7778fc9b982c23a71037756b41fb61187c90e0a55a9f6c47903b233ee5fc54e5c2b3f806d9bd53298365c13

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    e9771511a54fd2f7222368cc65cf0c14

    SHA1

    d0db2a327f4c387daef9158f894003ed191c94f0

    SHA256

    5c1213814ae36b251ef6160c890976db8b9ab6527045d8c8e5931c7fc05457d7

    SHA512

    8f4ce0cba4808d5a0799f6d6c8a77ded85b000d49ff4ca1a18b36c95564dde9d63e995557893a4591a21349b523df7fbd7b8238aac28fa28da294b06183e4063

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    d6e055bb92c9c0545377c6499acaf81f

    SHA1

    9016a8dd4edf9953c4ae5e1a25fc34d8f4fed569

    SHA256

    fab3d8c9c9179a2f620cd1fa0e7fc4c977fe81e1bba6626c05afe3a55c56edb4

    SHA512

    f0525f7087b4725d848748c7c1f397f4b9c573eb7e2eb04b4d26f96012069693d8e290d57d1a418e7664448198720db1bf2cf5756990c2b96db9fe18126e84ba

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    f2f4ae94928339f8023cd23172a83933

    SHA1

    612fad61ac7db38fb003965385f5d3ac55fec9ae

    SHA256

    79ca02f50a1a84726563b1f173950087e6c4cddfaa3c9f75f5e3fefe5535324c

    SHA512

    07849869d0b024f3c2fcff4c01c8fc8a463281688d28e56ecffa0bf06796efee4189fa857dd71f36baa9cba9a962ad0eaf5cf9dc2ebc982f9308c389809b351c

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    5997572c61796299f33bf2120a2dbb96

    SHA1

    93c6cd2be25a8babbc8a866f1b25958982425ba7

    SHA256

    ee8d4b933c6951fb95aa94e2a17069ea72b58aa28afccbdf52bbb13d35e7cee9

    SHA512

    c5e9d4243b642bedf8b25c7e0ac3294024ff53cd8f4dc752c5d34e09c450609faa314ffdb039d0e63b2f4b132d791f309fae85eb31d088760d75616128a1c5c4

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    edd9954567624973b3968e6d427911b2

    SHA1

    6ecd168189b5c32eff3c5fb3d73095e888af733b

    SHA256

    93fac12a77f4ba00e04443b238afa8fb94547388a1bfb2aad2533d9114a7eb56

    SHA512

    83820e88e59f46e73e23da522750f40fa5bbf4abd03bf962cb51075cde0a56061fd2e5d57d121cac1190c6029e21278b541329da40a736a0468a8e4181322757

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    caad2f9ddac7ee7d0b757331affca1cf

    SHA1

    2eece64320fa5605842809bcee52b01fd54d82d9

    SHA256

    82029a591581c19f74df5363ee322ce75045295c861138c038996efbb2eec5d6

    SHA512

    2a5eaad0739e3f28c6823ee92366a03fdc0f20fafc4a079f1645858a27ec8efb8d65b2311b9edcecbc55573d8d9f48f27023269e167a63dcec38023898afe808

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    80bd6c13336de94cad29ec298953a52b

    SHA1

    dbde5bf207b5d0e604a761b97d109f0867fcfec9

    SHA256

    5ee7dfacff357d91e48b725b5e102f674f81feaf6edf2ffd89d59c1c68ca6d53

    SHA512

    b7c29d45b69ae7700c006074c101957c66704823f5e81a559aa28805647f314fb128e26d0725f9cf7bb019b2b9b6fa0a9b85d195737bcf2ab4f271c21c3b3df5

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    4.8MB

    MD5

    3bf6297fe0be5002a90e7c00a4aa83a7

    SHA1

    b485aed1d38feb864d4f15ffa1a469ff9ad83860

    SHA256

    994c585272c68e5bdb15aeb2390ac6e6c16dd98ce04ecc3fec4f0e28dd076022

    SHA512

    def5ef0b60cdedc83d75b890a0352b8421e5cdc94d07e9c3bf3e256e4f2934dd357c003935246ce4a07252677d502f6b8f80addc8995ff024918e55f53209fd1

  • F:\$RECYCLE.BIN\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.exe

    Filesize

    6.2MB

    MD5

    2a0a130d371fc0a53b97949154a6462b

    SHA1

    50dda102bb263c4b2af02a87b40c33aa5ccc6db7

    SHA256

    62650859bc1e3648d7661050b029f01e73902ff64e09f5389563fcab446a170b

    SHA512

    60abc58126258d978a069b043d540d1b42e92013e03143d9382ed7eba8849b0eb03fedd60b403a4463d9bfde8fefd5203d100378010d47206ebde7be1aa30418

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • F:\AutoRun.exe

    Filesize

    6.2MB

    MD5

    64713b6d231e03e1321e8afd9ef7cddc

    SHA1

    80999778729814821415559fa3bf4a0b06211750

    SHA256

    3a838d77489e2e60c77d1bf82a0d7a82a02ed1ba9c1bf1441cbe8c64eb348de5

    SHA512

    c0f4cc345744b4031e154cc739cbf007cab4f5648b199d0bbc1bc39a8ecd6a0126ab795ce14cbcb950ca6dafc68ab11559e10fe194b29375c5b4a13e100bb2c1

  • memory/1316-47-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

  • memory/1316-48-0x0000000002330000-0x0000000002331000-memory.dmp

    Filesize

    4KB

  • memory/1316-0-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

  • memory/1316-1-0x0000000002330000-0x0000000002331000-memory.dmp

    Filesize

    4KB

  • memory/2608-49-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

  • memory/2608-54-0x0000000000730000-0x0000000000731000-memory.dmp

    Filesize

    4KB

  • memory/2608-7-0x0000000000730000-0x0000000000731000-memory.dmp

    Filesize

    4KB

  • memory/2608-5-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB