Analysis

  • max time kernel
    145s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    21/10/2024, 00:28

General

  • Target

    64dc58bd24a3c99ba0cf6a9e968cf955_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    64dc58bd24a3c99ba0cf6a9e968cf955

  • SHA1

    644587fec32034690c3c644ac3c1c1e0c76fd6d7

  • SHA256

    d5bd5e131104a950d83a076005a7ce9e1685ad9c00ced88f3eb43da8b6c26dab

  • SHA512

    b841edc19995ce99d483737ed48f5c6a0f3491804f7905f213564d5879d02abda8c8461d134a784098d1985e6a3cf3be341d6936bb7b1171b89373da102958e0

  • SSDEEP

    12288:5MMpXKb0hNGh1kG0HWnAL7MMpXKb0hNGh1kG0HWnAL7MQ7:5MMpXS0hN0V0H7MMpXS0hN0V0H

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64dc58bd24a3c99ba0cf6a9e968cf955_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\64dc58bd24a3c99ba0cf6a9e968cf955_JaffaCakes118.exe"
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2588
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      PID:4800

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.exe

    Filesize

    1.1MB

    MD5

    111daaacef5a617b5119757614141335

    SHA1

    2dec815251fa36236f52f38bba2433fca3e40a21

    SHA256

    77cb68cebad3b5ccde5e20503f034d20de51fe18874625693316ddae259650c1

    SHA512

    6c939f260e2d31787e16c4f98bddf950d672eb26bef8c0b7a0f2c8d0e9a2105b23c15d96be19e3d9baf9aae19a56477cdd2bedd131c545b129e026938d6af906

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1023B

    MD5

    4b15423821fd4742069230b722a86127

    SHA1

    f2c106748bf6d47b520057fccc1a4f1427f7bf42

    SHA256

    b70caa89c4bdf14b7968bfea1e316b43469f7c3936965f2dd177960a3a387e13

    SHA512

    d31338e060816a448d6f4507b34f7fcfbde830d8566b1252c155cb2c21b13a53ae4684adb7d4d8dc536dcac2ce207feceb089159d1e9cc9679cde304abc15518

  • C:\Windows\SysWOW64\HelpMe.exe

    Filesize

    1.1MB

    MD5

    6b10d2a8a979675036ddef0f3760159b

    SHA1

    4ad4ec3a4eb41d719153c691ae8fc0d3af0f5038

    SHA256

    f0a3a4e43a9f46e62eeeb2f718343aeadc6dc9672f6094ed7a130c923429b030

    SHA512

    eb9142a037a93f5d873496051bc74ab2bd8c2cb58a2b9d5e2664325661d31a98378860d492dd9532c72c20b28feca3bf0ba412cc7b88a2b98b514c67b19f64c8

  • F:\$RECYCLE.BIN\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.exe

    Filesize

    1.1MB

    MD5

    af01ad2b0b086f8aff6afc0170fd7d98

    SHA1

    ecee5230e4af1c6b850d445460325157e871f261

    SHA256

    765a0f669cf12cdf96ddc1f91e0defd8435d34c5c95e447104e40e5e6cc4075b

    SHA512

    0e50df5f309152575351b728c58f1bf4eada307cf25f0a4bf74559ff45b5b6b0edbc3c4c08f48fbc70655fbc5493eae2cef316df4bba2ed94d64520cfb29f7a9

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • F:\AutoRun.exe

    Filesize

    1.1MB

    MD5

    64dc58bd24a3c99ba0cf6a9e968cf955

    SHA1

    644587fec32034690c3c644ac3c1c1e0c76fd6d7

    SHA256

    d5bd5e131104a950d83a076005a7ce9e1685ad9c00ced88f3eb43da8b6c26dab

    SHA512

    b841edc19995ce99d483737ed48f5c6a0f3491804f7905f213564d5879d02abda8c8461d134a784098d1985e6a3cf3be341d6936bb7b1171b89373da102958e0

  • memory/2588-0-0x0000000000750000-0x0000000000751000-memory.dmp

    Filesize

    4KB

  • memory/2588-45-0x0000000000750000-0x0000000000751000-memory.dmp

    Filesize

    4KB

  • memory/4800-5-0x0000000000640000-0x0000000000641000-memory.dmp

    Filesize

    4KB

  • memory/4800-52-0x0000000000640000-0x0000000000641000-memory.dmp

    Filesize

    4KB