Analysis

  • max time kernel
    145s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 03:01

General

  • Target

    600afc997d421b9ed14064b2759879de_JaffaCakes118.exe

  • Size

    182KB

  • MD5

    600afc997d421b9ed14064b2759879de

  • SHA1

    3f83c2c1b304b7269fdd2bf6963b738ca19c74b3

  • SHA256

    bf6acb4359d2cc3d8ee27fb9093bcbb478dcdb919a5a05dcf80039aa21c811bb

  • SHA512

    1ff25a2ec275197e5177ab5331eb5cd3eced7f40908d33f643e292fc051885cc6d6b16d1397ed0cab7acce25d8165ef134d1b5b94aafd5b1ab30e5b2df0d353e

  • SSDEEP

    3072:rimsXXK9HRTOeriRfP6pXfSb0dspqc5oY0htVFAHT11Ual21Cxcs0HKAH057kyJ9:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HWf

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\600afc997d421b9ed14064b2759879de_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\600afc997d421b9ed14064b2759879de_JaffaCakes118.exe"
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:552
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3104

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.exe

    Filesize

    183KB

    MD5

    b055cc0e1bba00fdf1921d561ce3fd4e

    SHA1

    6a927bede07d82f7f360b17f05ecf032e1c29357

    SHA256

    33dac4a597cba46ebe99163340781038857aa9e25000b0f9e3094d713a8a8f13

    SHA512

    7efd458defc16fd7b4c521ba27de0cc505890d40c5f469ea6e902e32115fe5191ee99beb77ade0d7bc5f414762b108fb88ac526f037d3484c50893dea38aa4df

  • C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe

    Filesize

    997KB

    MD5

    1a87748775fc0aadcca5d970cf1c9acf

    SHA1

    85b3965ac02fd5735d36709c45058b01be7c468a

    SHA256

    06cd7ff6a9dc7228a710d633e75a11b973ccce59839dcb8cad8161734d76b55e

    SHA512

    57baf5808f937f16a024f5526e1a3db3bc77e553fe526a99d08bc8f5601bf05e451a10c20c493165bdf0adaaaa4e7b2c449f4e53637e3539745dea9dc237df1e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1019B

    MD5

    e9da9fcfc69f122542d27696f89fb22e

    SHA1

    7b4df224df766db902e6c0eacc2f41e54a8adae9

    SHA256

    46f2d146c271ad892f87a8d28681394acdefa1f53dec8344608785216fc003b4

    SHA512

    f218274345c543e801d02af407af28ca604a120ac35dcebe30d4c62e3b920f08b74282c1fdf63aea5271dcb2366ec28bcca0e4e972f039dbb9d41fb0ba41428e

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    182KB

    MD5

    5d112b6fdd48b412d4b24ece28eccff8

    SHA1

    0750b253cc5b881633bda691d527d39bc20fe993

    SHA256

    884bca3eb7d1121320baae9f5f5d30a102d5a62d42ce958979318ec687af00da

    SHA512

    1cefbfc316692bf0cb1ae4d60617c889cf76021bf2cd7299030b6fe92ba89b96204faec607f6d0ab4b73d95d8671939470672cd28e226ec728f05aa1a63556b5

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • F:\AutoRun.exe

    Filesize

    182KB

    MD5

    600afc997d421b9ed14064b2759879de

    SHA1

    3f83c2c1b304b7269fdd2bf6963b738ca19c74b3

    SHA256

    bf6acb4359d2cc3d8ee27fb9093bcbb478dcdb919a5a05dcf80039aa21c811bb

    SHA512

    1ff25a2ec275197e5177ab5331eb5cd3eced7f40908d33f643e292fc051885cc6d6b16d1397ed0cab7acce25d8165ef134d1b5b94aafd5b1ab30e5b2df0d353e
