e9a44a6ff70e5200eb7a5bb93168a7b1d4065d30761879b5119d3066d654f71b

Analysis

max time kernel
145s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
Size

3.7MB
MD5

02a18d897c930d9c1f74325e525ce6fa
SHA1

d6ea4abc5d761e68c65dab6c43fc1bf87349d226
SHA256

e9a44a6ff70e5200eb7a5bb93168a7b1d4065d30761879b5119d3066d654f71b
SHA512

8da4be895d35fa219861c06f6f1bf9f71686e3a2c6fda46377ea1b9fd0916e8b999779e5229f46f4fd38ac1cac708fbb4a90b6b208898d4f6b478747b4019869
SSDEEP

49152:iEs1syBadPOgo7kMc72k61TidyZNSLx4qtamNzM1nEAadHiXe:iE2snzMcBMNSLie

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

HelpMe.exe02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe

Drops startup file 3 IoCs

Processes:

02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

4516 HelpMe.exe

pid	process
4516	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

HelpMe.exe02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe

description	ioc	process
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\P:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\S:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\I:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\B:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\G:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\R:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\J:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\Q:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\A:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\H:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\M:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\U:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\K:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\N:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\Z:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\O:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\X:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\T:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\V:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\W:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\Y:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\E:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\L:	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened (read-only)	\??\X:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	F:\AUTORUN.INF	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 4 IoCs

Processes:

HelpMe.exe02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\notepad.exe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File opened for modification	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Drops file in Program Files directory 1 IoCs

Processes:

HelpMe.exe

description ioc process

File created C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe HelpMe.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

HelpMe.exe

pid process

4516 HelpMe.exe
4516 HelpMe.exe

description	ioc	process
File created	C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe	HelpMe.exe

pid	process
4516	HelpMe.exe
4516	HelpMe.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe

description	pid	process	target process
PID 2848 wrote to memory of 4516	2848	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe	HelpMe.exe
PID 2848 wrote to memory of 4516	2848	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe	HelpMe.exe
PID 2848 wrote to memory of 4516	2848	02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02a18d897c930d9c1f74325e525ce6fa_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2848

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:4516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2818691465-3043947619-2475182763-1000\desktop.ini.exe

Filesize
3.7MB

MD5
e6bd82c4fda1e1f0f750b0d8b0605d57

SHA1
02bca8c19a0f53444148943bcbda0adef23fe813

SHA256
48a5f796b2ea14258d0ce02867395978d4257cb2c82de085c5a5e788086cb913

SHA512
a162c8e05ca755147ff927607a1c2404bc332b92bea2905043c9f0bbc770f2ab25241c84db694dc0c03910e14cd56c3d6b84c904a37a81ce232252c3a82d57be

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe

Filesize
1.5MB

MD5
c97362de8b3b1eeaab3a1c2d67fccd6f

SHA1
2e2d58a718414d14d3fdf73e636279d213617ff6

SHA256
b4a5e238fb78575f5026a9046d5b3389aa71f766dfd66c623f7d4e6b11bf4474

SHA512
f59b76e2142cb10c151e8147e5254c6dc4e97b32b5f4efbe16e0ed075f600656f9e6386db9f39b789e34b55218d1512fc904f9ce5a45cb1c2188ae97c4a84cc3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
069aba1040aab40821b791f8cf59609e

SHA1
bd23e28402521e397d146b935fde78811d283f2f

SHA256
5a73fc060a42d83662a9fb935569656251d515fe41c977d68816e193bf85b7d3

SHA512
4433c70c461a81e488e8230f10f2a05fb9aa2bb4501b3ddad0a12e8532952b7c67f342ca56388bf15c689ac98cda08e27dfbce0fbddeaf2c9473519acc56cc04

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
493e406496e002acdc16518de3bf57d1

SHA1
051d4991566a3feef80162f31da7e4ef7ebabe4d

SHA256
e4fdb2d335e3e41519592c38fc3a4a5ba82f06a2e31c81d4d7da8a0e154cee6d

SHA512
4e2aae49bb1264b3fd002d134bc6f0b839685de616afeab8327ce6f2401045829ec30f51d0d0054f7fa92b61805ebc64a07ba27559de95de40c47a3e5fbca4d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
326f9603b05148b2775f8cd5c35528c6

SHA1
8f3f12cf1f83a2eead4d132b2bfc50c4d8644d36

SHA256
3d7180693cd244e4c2ed020919754587527761092c3cc96ebcff326f7a5b2d63

SHA512
04b245de343c973785b10568a3d08302a42399209d54490ee022e69cd068f44454ff89c422521bdad7547e68c70d85242092247cc17c5e30d221c108c4c28323

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a0e0e4dd766384976597e3fcb5129332

SHA1
e555662f409cb3990deff6d588960aa6c3199de7

SHA256
9723ac9456757962436275b1dde1b56dac2ee6da1097abcbda9cf3c4148907ad

SHA512
156d52d056e7faf148633e0b4e4fface62f0df43ff7735130a53608d7fafd7283a9f8fbce907e09747e877fbb9142b9b46ae66f81eeab3bb40e7ee2287c7ad6f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a19521e895c581f76939174ce9d27a06

SHA1
d428a4b4ea5d124d4748d198f188e06489a2407f

SHA256
92cd320e53e00e272da6ea20b5983331ea32cc98424765d10ba2cb150ce7dff4

SHA512
facd95125567dc114aa48a1baa97efd6ac0d2ba6ad111b1cec31c68e2f2b488897e06f52a63dbcca80537e687460ea9ac0a369df05a152efb9a779f405cf94ad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
68be6ae78ef2176ffbe75d79167c5ff7

SHA1
a677e818765a56feb8e1f4f5e8962081ee7d425e

SHA256
f5412f1392d4aeb15f3e52ae95a70362dbc3004d43754ca6da2611c175e7175f

SHA512
3dc01fb31ac7b57039dca846190e16634f8fa73760f4d219cf66facdef4467855c88826fba25d551adca082a2cb049b3d62eebd1eeebe5cdc92fb375bc66e5a6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
47a7797e07d5d1bf4c289ea9fa2c1a74

SHA1
544b3e059c23590e846ea48cf91f1acdbeabbc9a

SHA256
4296ac536363ea82638b0ceffa3ed7e8ab30467c91d266dfa37e8ead6218b442

SHA512
7ce97dc452d74ded20bfda6418f58da2b25b6c6e83f87b74b4574896386e25daf2a1761491708755a9fcf75762ca3526e881b2be50796290e19e0ade2ab39140

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2052c326b4816ed7fc61acabf446d489

SHA1
328b708159765629b6d70a18548cc23ce2be427c

SHA256
6239d3fc4d860f9da8885f452d807c5a73b767ac19588ff2117019d40092cdc2

SHA512
9f6aed1d3087901083d00d72402418a40826dae9748447fbdc62310bc02f135399d31902e6a6bf74eb82dbd157eb4c84c81ea8fa450bce754f5195d3c13aec26

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a7459a3c7bac4aee83a6b55008c42727

SHA1
a0f4f782f7b42c77630b2b36fc621390a8a4000d

SHA256
2e554989323fcdb11eadbaa353ffa947ec31e7052ec5196c8a36c43717a42b9f

SHA512
afb0d2558d85f1e173a176c6c0e41bb960bc3e557132630b9a83781e382076e73b6b0d2d2e4f0903faaeb7dbd0634bc2f82ec034cca1ef22ee4bc2066a8096ad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
716fe52d13909432abe677cce5082db3

SHA1
4d7fc91da8d987436841504ef57fc7bf24dfe4a0

SHA256
2b1c62d2848430f7f9632707cb9edb80e02d083700fead37190c09be2822d4a5

SHA512
0278950d9637bc9c01bbcbef1eb5e25fb0ba0af5273c1accf8545b5469a2d08296ebe7de1afdd78289ff759542415ea075b777f3e6a99b1655b6b2af9a7f85b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
505eda42184ea6041b399d0c2f0013e0

SHA1
8d1ce790da7d0a9bfcd6597d5aa84ae54f756931

SHA256
d7642ab039e59f1e79ea8dcb0f3287fd7f2123112a5d07e35056b81840641d5f

SHA512
19fec45620a6d0523c9893a652f65d23e334d16aac1ea60b8ab19f49a6fc55fe3357ef59caba6cc13fd4f31acf37b29ff6c368d5eaa6f4c7cb2b004b0b90cabf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
52693a8e34dcfc39e44dba4b416591c6

SHA1
6b482c8fe6a039e10dabcb58ef74505c0411f223

SHA256
ab1086ddf5c8fb3dbddea46dfd4d94b79b92178218ddd30c559a36460453bcbe

SHA512
0c8ae51b86cd1854cd712549fec3254f473f1b51bf082e58cb3dd44be64dffde27ba69292964261c93e02502902e2a21c95b01a64c4f12fdfef754d6c9ab179d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7bf12f25e266955dbb5a37f99036533f

SHA1
73ebe2f2b0210e1d0fe2e1719871801e9b148a34

SHA256
79f38fab031cf178b034bf60c1d4e2e2b71785f192cfcc9f9bfa5744c284a8d1

SHA512
ced266bddbeb1a7e5fded2e0a9006b6f17bc48da73c6c55687716b488d0a589adf3c752a590c69e5de0cdd0f64f7a37b0320e856a22e792c951ab2898a59f203

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3c9455ce8f562b56b75fa96e2a544350

SHA1
2c8ea3d83d27f2905a813134029159aac5627c55

SHA256
b5ada75169cdf43a18ffb4474a8f047ef1f46bf90612cabd28dae0a4e2fb29ce

SHA512
35b1f34052aa54883eaabebf8102a24b0d53799571b0fa4424f39f8621bba5f1a0d26897278419020fff6016b42d15eef58180b25412e338d09df6ed64560073

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
5009e6d9df6ec222a6036ff8a48bb43e

SHA1
d5f2c83640f1ccb032c251def39e8bf17cd228e7

SHA256
3f8bfe743729e676fa3d271f4a7dc5c216e6a6fdc3bca35dfd1f1c9afa23cc62

SHA512
cf254827a25ef36f855fa171f270d63f8d9cf76437029eaf819f56d4c1b717c4fd60c92c78fe7c99277fa99f2d18f046a811ff2309b83d39b74264d0ca224d8e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
abf1595c938f8b6280380e2d1148c63b

SHA1
4da14fa414557d844362c82f14f9b4e790e19cc0

SHA256
a7c43cfe7898867518233f7d7dbd4b761ac226b5fb56360f576d7e61b6fd2407

SHA512
dc2a85c14422bcc73e2752828182e9815fe5e992ee131d01ab2d05df2b5557dd2040e2a5e2966c56998b2f275c4f8df2ecc759e6fedf873c0bd270845289a159

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
73a1e2c671b8fd72a362d5d40bb68df5

SHA1
d117877dba19f48f0201c0cf67c7318159209071

SHA256
40eaaff306ecba51ddfd77c3bc1a3a69b4d76c272dc0534d47e5f2fae65f58e6

SHA512
7f4abbe6b5c795ae84ac582b490e1f417277718844f3e0c735573ed9fc46737e5f414835c3d6e0abfae8164a7a8aacbcccc6414c11de1874c3f023d05a2da36e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
597a623fb29d855f6d12f1a1bd94642f

SHA1
05d07aa495b00c68537ca2dd5dbfdd4fe0be1812

SHA256
99114c63cd8ada25842a8ac9ae90a116bcafc84993dcd1d6aefa78f9eb061bab

SHA512
744ec99173366d57b5af861bff6da762fced12b9d1b38470b74da625226af85040f3af9919acb1a02e5b9f5b8dd310e77d0233af961b3954f7aca427dc7ff1a7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6a5130b3793caa70e5aa0cc9c433b13e

SHA1
860353a37f6213f22ce296855c6d3021f4e51b7a

SHA256
9801f56864c4cab16ca8535f0b53f62e0ef79b61acb7031c19b3346cc4c80047

SHA512
f3dfc26fe43cf02ff83817212a694ecdbbc624d3d1fc324991d88ddf1c2a84d617ff484fe1ad0ac287a27d7cd79bc1eba9b7cd93f237150ae59e557f62455c0f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
e597b073c6cf795310ca226e20aebbaa

SHA1
d1ffaf7b7f73ea4933e85be0ceca09a1004dbbe8

SHA256
939077107d7e009849c8caa192fe1731ff01a6f75bb590b25027c09b9101174b

SHA512
2d8fa20e3bd8fb395ab4ce7d350b8bed291c8b9363629fa4a7ec4e6a22ce48ab28322176ea06cf5905b1c6b7f7d4fbbbfd65e77cc14d79fc80c2a9f8ed64b0da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
19a89d96014fd77ee4ee5ecae75a7a1a

SHA1
4d0692b2395a47773221c26a2a4654fa6e57f4db

SHA256
3851deb162e05dd6adcb9c8e7bec5f09ae18d98b722c58bc5f682b7568c1ceaa

SHA512
618a7f5cbf941d97617e331203d32c9dea423a539c23913567abe52118ddca8d3d7ae6db36ba8b32edc90d75c17070096eb4c0eb03da07277923826109b1d9d2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
ec57c171916a769574224c1e02a7ae28

SHA1
817ba75a32baf4bd54ba030bfb601a091696bc1d

SHA256
81e8660f73fdd5b3b1a25ad8c3f597f1a0e160cde5c66c31c2af8beda5148b13

SHA512
8a3fc3ecc649d4b38fc3bad2bd9faea11467197106b6827b60e8b57f81091a8ca1127de2558103c12208c32bfab8d58b924319d6bb23515241d80707096f65b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f826864cc242716022bd036ae3b07e69

SHA1
dbe4e4065a10c05cb65cd08db5c371862ad88870

SHA256
27988abb98fa4ca849276c4479ab0da636c7ef34480b97aed409a754260456ef

SHA512
c78c591717d378fff9e39cfd6ff38239e04e6f08c2cc7378efd84662f99007783ee8fd9dd4b43af597979efdd0f297f9451923d8f484c06c5f9f6a264f952763

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7f722e2f2f079522f02f66cf6faa023b

SHA1
c5b9e491b0cef3cf7f0d9aec334280a33ca07e56

SHA256
ec5e02de834769db9be4d47861b77c0471c0449aad5df25adfa39564d2b6c917

SHA512
7dad673813d45e5d651db7c101549edb284e0cea30257a4a3c33908e8dd68ab5a6464f5e3c52c393ae9896523d0743d648d10e749eabb68f4b711edebbb66503

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
46b72a278d27105f9a7f748b4d316309

SHA1
46f0ed79d0f281aa98bd222c8e4d190c9637753d

SHA256
d73b1d7d732d7a2215868dd15b6b45824b1059cb8d443489acda07eb832adbe0

SHA512
e9800c69a8f3cdacf8de71059740b2559137f3afad25fcc4d202a8d1cae9ba1b0433353d29943c4cf038d524096b6b73f902ee89884fb3eb3e03b45fd0a7af10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
842083483499d806c8882c3462da0320

SHA1
dbbdefcd3d6b4a084610b37da77688bef8a994dd

SHA256
b41d6c90447ce4297f3ac24c5ae90ebdd741b1994ef529e950eeb01798d4945c

SHA512
d72da8ce6009d9e4b2c733dc62d9a5fcc7e969a5379e38a5cb59e55721cb85b118063ab811966c573df0f564828caab1cc773fd80fd3a0de51d379e17a406ae2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0f16a2b544a2369c96285f9c45af218c

SHA1
6f122c06c93c97d8974b6d361c8331a0f2553764

SHA256
58a427bea80c2bc569a1dd36fbe53ae88e7a15f9e81bc2a7923746ef9c941372

SHA512
0bcd27e414f614e8a20c6efe52aad995e0baa1951aebca070602a152c58bcc8972ad85d9b47a996aab4b27294d4e288d508f81500c9ecfc5feee1c1b1d0c2d02

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b88fe77389070b3a36b6fbd8a8a1f551

SHA1
65aef43e66645d5afb5370d5531fe25f07dafef8

SHA256
f6b9e9af86106e4fe016545b184c705576324e6a10c11cdbccea52fbb6671e71

SHA512
f97dea63cde1ba0b9eaa026e3a706efcca39bf2452f33502e34e1c345cba15dff427a3e87060f7a9269dc9e9e9515e302008ac55e22da161306dfa416c8ae18b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ac0f70fb9c512d35305fdb82ca35220a

SHA1
4c1df83275ce1d4741d4e75e2e1df4810ed35389

SHA256
e831edeb9a8dd26d690f1597ab8de83e4d7ad10f3799314bf65b84bdf1e0a494

SHA512
7b5efdb69a0893ac0a47be0eea2164e68cae5eef09fe856781472c21548e6d1873d579520cf512f41be77bae80278169d7663d186c531858c2bf7c487918066d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
f249e5d5262046bf01e35c134bc0d507

SHA1
c9b4ce0d0b24e5b0734bd87bef85279477431207

SHA256
667d40c3d9f35b0cf16e5f6fde3c2f2c5a618e0896b71dab8378da12c0bb702e

SHA512
d91741d5649aa3118ada175a53e7351c47f77dec5f7d030cb503b6a4327c2d7f94b356ccbc8959d0ba93a2d76679745d206224b83b9394d968193bbb29ec5d83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
581964ef20fc93029ef106966f471d0e

SHA1
7273b374eac1e0b1b51b5fa05023d95e86f0642f

SHA256
bc40d8c3f76691ca5b81b5e72204f564bc1295b522472f2fbda5b60a332b03e8

SHA512
f1fca6754c0017bc78bc76ddb5d87f92e2b56d8724d5ad085fd5f08b66b698e2cba0d0e0ad7f51a55d4fb9b80d0a548a622f695292001e57fb13284856289e46

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
49277ffa81fbc1f88df3683bd2990ffa

SHA1
c90b2befbd9491a08e692fc686cbb52be8b2575f

SHA256
a28de3136de9676e7c93e16d64307cc91f973805118389be937d72610ccbd880

SHA512
34383e3f56f2ebc91ae6e7d57479987c91d9749233f9cead77bdc828dce1b6141a63434a733217b0688c73a08e258f520ec2c3aa2f4c3d892671702b04ce03bc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7e9caaaf13856ed2d0304fdcfe58073c

SHA1
352adfb53e67b4d5764be48cdd8bd02f77ef7ee7

SHA256
59ef5735ecd8ef48b664472715aebcc1a04913ea6582606c207f6a5330c3937f

SHA512
a63f27e28736a517e03d3c0fe5b1ad9d84c88ebbe4834229ba06da1aee3ac44933b0ac45d3efdf487e23cac7b6069a3f9bbfb8b6746fa129755783210626928f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2f57a997a67d4e640751d61cbaf0d5cb

SHA1
1f1754ec35b929af63cbcc62f4ddd1177db0fb94

SHA256
f1899759131f25058212eee2c93ff4e824c6463c93f87b74eb0cc463213bf1a6

SHA512
01274321b51c7cb383e494d71f78666808b11446e6893a0dc34b4e761c4faee26a2074cc4a5775b2cde682af8d8318a7fe5fc15c714bdf99f992bcc76eee0640

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b6676972b1c4bd65cab437269d12dd75

SHA1
526f2fb5eec9887a73aef47c1ec169e6cb52ea96

SHA256
743593c53dab1dc91009ca97cc867a284d285c4ba27c9493576f12a34cae33f0

SHA512
baccba895913825027a6a7587608d2f45c6cca6c9ca1b9606c25d3e3522caacaec513060cd8bdc76cbc62e4afd1862806b59ac4b7632a1b08ef58c86b01441d7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f92bbb121bed677d63d0c70b79c87c95

SHA1
9f524f7d80726277bd48b64b9aead0aee6ca68ef

SHA256
1859f1d9c06461bd3915e3be01cd48fcffced172b40643e4bf76fc453f0b02eb

SHA512
9d4ce39b30981cab945a0caa1980ccac073161932509e0990520ac1b2da8f1fc8ae96b4b113b2e04a4872d39604ac952a4e426a35f36e83ecb2fc733635f11d0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a72588885beb32ba326490cf7b47a4c7

SHA1
6d4e2e8956a03b29ef8e87935d0ccdbe626810c4

SHA256
ba64b8417ef4da24d224e8d3cd611b970b3e08670562ad0ebf80dfeb180f1900

SHA512
92aadabfaab837c02a947faacdb7f0a503889e6ca953d31cddb11cf3e84c564738533b41867a2513c2242a26e76a887045e3a3b869a84d7b9f1f6bbaaed6c689

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b6ffcd287b844a7c3290d9d1d3c3cde0

SHA1
a940ec2af31cbff938f0e29d6d5b6de2abeb1896

SHA256
ebc32437461a00ba22abfc8061f771b8509542afda62389600e7b624c722a078

SHA512
655b8332c206ab57a61fdc685fb61b6a0f593319c25dc40d24939fc6d8b27eea724f9d333f2a68dbf43992c82b8b9e3424d2dafea414f7efe83a4d766123066c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a4e0327b1024342dede223c2e76e70f8

SHA1
3e69f69d203699bf2fbe2dde92704578938a90df

SHA256
a39a6323e9fc8b269eee974d94f84c5ea645db5c0d4cf4f16456de36f48211cf

SHA512
c353f0d03ed95bb1a292ad36987f9306960d0a9ad84d29efa18bb3745990bd142c2f0d952440cf8c0096d9c43d2401f463f80d17656d3669865e41026fa323f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7184816af78b86693dbfdea838d6360a

SHA1
67830d68590dcefb8dc6ad41d6c897e9ca1082ff

SHA256
40e5ddc065571aeba283c77e02d1c2d949709fa68568a7f2b7ed04854cde3d3d

SHA512
91f3a6be1f7e93dea15a05f0d890618e89e27e843a80096f0e5b4b24ddc37dd005f3350a1536d89fd7ce1e89bd8c919728b24ad9cdd7a7983d66a0d23e375288

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
228a75aa09364d836e188257684699f9

SHA1
5ad44be6aab24fd7baaa7713a6dd1deac890c6e8

SHA256
77bcde8cefbda4c5b6682a0faaec52d1fcccf89f9ffeacf033a796daa3ad505f

SHA512
e85ab734ff0a0b6a57dd4f4a269fbbd3b38f752085fdb5c074f97525bc2b98d048b6461cd33c7e66fef5d1ca21b70863ce31bd729a7bdeb76089a6ba2c41443e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f5951d9205f7ce989e164d5a9b803fd0

SHA1
0cf17efc15a0c2fac0e3add484c64175f05f6942

SHA256
f3879092c9ec189b024a74784f07dcad534860f565134547ab967c300223bab2

SHA512
fee805152e02bfe111dff2fe3391df306da82b2930231baa9f751fbf1c21cb866b2991da236b4a208dfb83f250c113e913d21ad013d9784d62b15bb8534e00f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
4e2b2d8a0541225e888b2528f2ab2805

SHA1
a755e224f8ad39348775ed78a58e77b89562e8dc

SHA256
f676d7f467b5b015e350ff5643dc59d03cdd3ebe0f622a8f4799f8a0052aec84

SHA512
8c7c7c23f9b36226dcda03c106313f6c41e2411a91725cdf281e17c07975c0991771fa8de4cd336a3b74e54439adc036ae059a9c0ac6b3018a86bbf28baa1e0a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
50b71c2838ad9f5066c8926e2eb1e21b

SHA1
933bfb21ec11e3132eedb946278e1944b0aeff3d

SHA256
0466bd3a5977d63bbb449b5312d85703e4e7e050849cf45a932ef247d0764603

SHA512
4ce02f978e5685d2fde0cbf11a1805d200c3aab8e1c90f693735c7615613151b5d117cd0b8933c1b35321bedd0e05aa2ce0c0f11b34bf71a4101731447322e68

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b66e44cf27463d799fca337ba7ec9288

SHA1
72dcca92761d19dee9d8edc9502b9b9db3bc93f8

SHA256
f5a41bbd0dd3925ea2a43155175420bb5526fa7096f0918fc0acfc01f38175fd

SHA512
3e1d759f7e47ac6f75da1dd8a652ccedf1db783f9778f1ab0f42811a81ec4fb6f119c12a70aba10b87ffc806befb4b7f919a860b4015419e8ed26d7c60bf285b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1a62d72238bb3ab4b32dc517f7665f71

SHA1
b969fe3431c9506fedde8583fa454c095b6cf364

SHA256
1bed734ff947c06536b5f4b3cbee7406de0dc16dcdaf2601ccac9d6a3a112097

SHA512
55ee0960c4e74960fbcbab7a0c549e24a807677306fe09fcb2bbb136cf03a2b3417a05766671761052b9ad487636e22f486728d211e74899babc68483b0ca130

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
29eebbcceea4b20a68b323f4b59ab3ef

SHA1
4b1271b543e34eee030143ab7b43ec8cbb6ddff5

SHA256
bbeb7bb39c1597a7af6307f806696d48b361232f0368cc63ca81ef3683fa2e79

SHA512
fdc0d2c94ea41517c340403bd17ae07bd3dc0bcedd7149cc690d651ffddefc8b7642e87ccd00c6c22113119d1a99284e592d5ee2948fe9baff7a0ee89835568c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6f85fbc92d151fd8b89d4fe3c7a61311

SHA1
8bbc353dd714f459ca4fb375651cdc326d45a817

SHA256
24d807dd0833e9955c3b83825396aa25e9cec7da04716bd664c5107e05e8eeb0

SHA512
ae063ee66756b3b67342e21d1e5973205f4736533d5258b72ce007f20b25652d4176d3d265009980ea99045e0895b90186a9b19ae5ea65a4e657afd12e2fd396

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
25492055de7c52325648c9b0627ea90c

SHA1
50f25346aaab4eb9ec6e81b2920bfce1174cd0ac

SHA256
05e869a6f95c421552a1b74cf6ca2813fdc6d0ee5e226541511f97eef9feb0e8

SHA512
7c6204aac2cc2c186f400cf6d5aa1b6833c88886a2bc3a025d0f20bbac759ae46bfc1a231fdfd50b25ed6a40ead652741531f402193e81f66756d5208e59fed7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b73715b3e567cc4380a4a5b2313e3772

SHA1
ff5e397c24401030f167628cb71e5b5695fa25b6

SHA256
2c3b0833af75ab0f3d4a0fc95ad9094e26fa8a76482e28c975d5e1598c7daff0

SHA512
684861c0347fe3ec31a573be10246418db34c53c7a5c03d65fd1483fc76bd5a4b9d4e38a56d2522a3cececa9346343defc755f872b96f01f2079c9bce4c42e76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
1f704a6bcb7272044fbbb12a36ed8986

SHA1
85a2932fa7e8a60b33e22487f5ce9f61e35cb82a

SHA256
f43ff4b17471b76e34aa00d840028844c0da8e4edd852877fd7141412cfaa474

SHA512
27f7665cd4e34c4389b2b13f9e208a1e090d5b41e8c15e62ae0eef2151bb268eb8950243514da3d8a515a7df27f298a6d8f2d5978e5b8605e5c1c680b662aa27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c9a9b7c1fb61dbb630bacbcaf8038646

SHA1
9906af63352edbd2d11446a4ae03193025ba9d11

SHA256
e5f754341a820dfef3fe7334f2a3dbe7a3f58062a05255f5a2b7386ff1a51684

SHA512
a75af90c4967bcbd0900218252e5582336efaf3b9a41b98b7aef0162be3dbfed169d451c36ff362dbea137d0239d2e2fb91d1b6816ef8b762c81e65c6669d5b7

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
740KB

MD5
7a6792e7b74caf1d7b2bc15de0d6efd6

SHA1
c5f8892c0eae77f937b61bdf4f4a7c0f74fe1392

SHA256
3f689b6bc94796f538b26107b9125f6a351eb4f57dc1b93c667f9a016fa888cd

SHA512
6a4938b65fef74ea98fd7ac13c7cf029d6556412bb8121527806fb8ff288db6cc13206da993bd5f3ca5f0e3627027e1b82fed76c7a289020cdb8f786bb9d97f3

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
3.7MB

MD5
02a18d897c930d9c1f74325e525ce6fa

SHA1
d6ea4abc5d761e68c65dab6c43fc1bf87349d226

SHA256
e9a44a6ff70e5200eb7a5bb93168a7b1d4065d30761879b5119d3066d654f71b

SHA512
8da4be895d35fa219861c06f6f1bf9f71686e3a2c6fda46377ea1b9fd0916e8b999779e5229f46f4fd38ac1cac708fbb4a90b6b208898d4f6b478747b4019869

Download Submit
memory/2848-0-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2848-60-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/4516-5-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download