aa7c5e6e9e377301576f0ce37320b915d35f4c2b22eb9926f2ca5622e0fc707b

Analysis

max time kernel
145s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe
Size

1.1MB
MD5

49df499ce823e33e888b896d894fd74b
SHA1

0f8b3ffc457df9f8221bdc21ba426c426bd22490
SHA256

aa7c5e6e9e377301576f0ce37320b915d35f4c2b22eb9926f2ca5622e0fc707b
SHA512

5bd721b29be5523189955bb59bb50dfd03d683dbb7eff80f0036da7e205449f164a34767841edb1140aa7eba2389ab52b913b876c527dae450a4f3b2e687371f
SSDEEP

24576:ZMMpXS0hN0V0HzDyo1tj9E6Ehg7mM+M6RkMkIM7gE6Eh67s:Kwi0L0q7tz0g7mM+M6RkMkIM7I067s

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	MZ

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x00080000000235de-3.dat	aspack_v212_v242
behavioral2/files/0x00070000000235e2-8.dat	aspack_v212_v242
behavioral2/files/0x00070000000235e3-11.dat	aspack_v212_v242
behavioral2/files/0x000900000002331f-43.dat	aspack_v212_v242

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	MZ
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 2 IoCs

pid	Process
4236	HelpMe.exe
4164	MZ

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	MZ
File opened (read-only)	\??\V:	MZ
File opened (read-only)	\??\W:	MZ
File opened (read-only)	\??\E:	MZ
File opened (read-only)	\??\J:	MZ
File opened (read-only)	\??\O:	MZ
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\A:	MZ
File opened (read-only)	\??\Y:	MZ
File opened (read-only)	\??\M:	MZ
File opened (read-only)	\??\X:	MZ
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\I:	MZ
File opened (read-only)	\??\S:	MZ
File opened (read-only)	\??\U:	MZ
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\G:	MZ
File opened (read-only)	\??\R:	MZ
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\L:	MZ
File opened (read-only)	\??\T:	MZ
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\Z:	MZ
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\N:	MZ
File opened (read-only)	\??\P:	MZ
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\B:	MZ
File opened (read-only)	\??\H:	MZ
File opened (read-only)	\??\K:	MZ

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	C:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	MZ

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	MZ
File opened for modification	C:\Windows\SysWOW64\HelpMe.exe	49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\notepad.exe.exe	49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe	49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
632	49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe
632	49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 4236	632	49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe	92
PID 632 wrote to memory of 4236	632	49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe	92
PID 632 wrote to memory of 4236	632	49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe	92
PID 632 wrote to memory of 4164	632	49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe	93
PID 632 wrote to memory of 4164	632	49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe	93
PID 632 wrote to memory of 4164	632	49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe	93

C:\Users\Admin\AppData\Local\Temp\49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\49df499ce823e33e888b896d894fd74b_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:632
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:4236
- C:\Users\Admin\AppData\Local\Temp\MZ
  C:\Users\Admin\AppData\Local\Temp\\MZ
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:4164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4040,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4104 /prefetch:8
1⤵
PID:1444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.exe

Filesize
500KB

MD5
60dfffd3ac510ebab4ed1fba33fd91f9

SHA1
4b50eb04c477eb8ba9065df574c54560e5e09240

SHA256
900c612a2e270d8c2c415825806c716a0b0a83dbc8e0e153baea3133e6712ba7

SHA512
e1d0447ebe886fc5cb07d35d5c466bc19d3f55035a1aa5140f3a31abbefd617158364df40133e0301c328d822f46057d87febde59ddf6b94a67c25b47d44ec48

Download Submit
C:\Users\Admin\AppData\Local\Temp\MZ

Filesize
1.1MB

MD5
49df499ce823e33e888b896d894fd74b

SHA1
0f8b3ffc457df9f8221bdc21ba426c426bd22490

SHA256
aa7c5e6e9e377301576f0ce37320b915d35f4c2b22eb9926f2ca5622e0fc707b

SHA512
5bd721b29be5523189955bb59bb50dfd03d683dbb7eff80f0036da7e205449f164a34767841edb1140aa7eba2389ab52b913b876c527dae450a4f3b2e687371f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
18e0e48c118a249e4785b506a2e1822a

SHA1
fa9018bc15c0ba52afae372adec30a759cf5746b

SHA256
0d5af068af7467ee7a0131f9731d2e7818f03da4f5fd0eef966372f71e21c68f

SHA512
b48a46e6880e4609091ded5474422f2f417e00005adc693e70ebc4176e45be76933b0c034c1decfc7ea18ef02840239de19d0bc871ce717552735d8f5f21f941

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
437efb14d33db04b9d3e8055a7653225

SHA1
6eccc51927d2500c62f633d0efe1afadd077f27a

SHA256
5e52fc8336fc991dcd748d9b4bed767286f3ccf1cfc4a2ae96a06f6d74442a8b

SHA512
e85d3fe841724d29759d285b720986a398a709686fedfc32677a0521343b9ec7f1ba2c0b1c4e1c67b06f75cf1bddfffbcc7157e9fe4ff78b0641f6d80fd26d0b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
137b3eb7c1e105d258a19f67feb557b4

SHA1
18f4944a2c2898b10c5123e6e9ba3e8cad0a83da

SHA256
cbd84397fb77e8777ce8b4a8f91f0d83d26aad297a1f3646723e9bf66a59d772

SHA512
aed6bc0e06a27abd560056076dcc05077f16c370d50802f0a1f9dba2667b31bb1e81cc0168943eaf7b0125027313d54911969ba7fe8ed8f68b5d5027e1106599

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
c046689f64497aa523276ae6c4ddb31d

SHA1
662f0628721ae9c4857dd0b8d1eed8800ac36ad1

SHA256
daeff2bb49b0be07b79cb1617c31501438a7ab6524863bb1219cd87f5599c011

SHA512
e651ac73e7647bdec7a12e29fc18b3ee47dfb619c0999f0c40b2b5d73b3e7c1253a9b073b00bc1445ffb17d10751cbdfa8376f131e27e8188dd013e057e187f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6e682c37ab38a183f855c460277d13b2

SHA1
f69bf414a009f480e836b4e5104903de094e7219

SHA256
bbd4ad46b20e7ccb78f81009faeda713f412e792b45115337f3335d586eb6d70

SHA512
d79b993777f86ba6526cef407f92f8f0094959e61d135a14650744078677242aeb4038bb6690de52974621efe9b437820a896019afc2e2c19037198e599dbbfd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
0ea737513c17f5e7c577885a77ca15f1

SHA1
423a488654ca1e23d79b642c83cc4d648cb58951

SHA256
9042c32e75d198316e3b3bc4117f146bb42817cd7d5eccd30765b7ba517632f3

SHA512
056ae97c78a2df7160b94d5017fb81279ead71b321f8239b8ae08970cc0f185a6b0cd286db6bf1152af00dbc18a4c7b631d196d13d4719b6acc3bebff60b97ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7c7583199cdde17f61ce212adcb12818

SHA1
29775820ada867e3ec639413dfcd65d727837a0b

SHA256
66176539890f438c1c065a079d1a7ad118b70284696d39c37c5d2f43a048c266

SHA512
625f93f60905a09c1b8c907c5773bc9f4ac2f28874d855d9e1ac015d59988212e0471566a507df829a9762e770fd9680e8ddca93a99f26a147fe60827e4642c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
06a0d1f94c663bcef39e0364940a607f

SHA1
fc3e745721c32ec50bc0ae72ac9e6db371a1672c

SHA256
282bc372d623636ec637c47fa8505a3c4e1e37c90a22aa1fec6df027cf090474

SHA512
5e5b81ff6312ef0a8e168b2d5a84e506ebe110e502bbac9185c0f5632371891d4256d9e3f6440697aeef3d2bade690ba00884304166a2328a2a1f35dd963398c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c35c41ae0c8a7d3b8b5228640c65ced0

SHA1
94870b40dffdde3251c0f25bfa759927ecd94ae8

SHA256
ba85eb4d34ce7492ad2727ef2dad818d9315deaf724a607f1d6b8fbccfcc23f4

SHA512
0678eb71ac313c98373e23449f6d5d212346d62ba5b564d2cd501ed9d992d0a1b9676b1e363354933c40a17a2583c39b8b1bc35bd8c46507d63d4e070a9fceae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
fce9a564a8cbe4042b12ad9e71e40417

SHA1
259134e7be9071986811fa2a3fbfd72defd7ccd5

SHA256
07c2e120b4d78269f86b91efbdcb8744d8972948d4493c61ce9066901a8e55fb

SHA512
309b890dc32d7e0c8ea6b3dfb66c611343b3023b47261b1b49e0e565cd1ada1ae6e3930d751bc65fd0338e38d4a305da3457340033cf444576640de7b663d851

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
bd8576ab6139f6281dc78a7e3ae59f16

SHA1
f97b69e9992dc27cb6ff6c3b98e2027fbfaf0724

SHA256
cb725705e358799eec8019af981a982045cc16e77f05e5b4e7f56e49207ec585

SHA512
42ad0b9fa2b143c288512ec98d348661da614aebce74bc12c1de87b3cfa6bf1b1692e38323f62fc3f2e5e24ec3bf2e17ba8e0cd3a099d9dae9e9117fbb68f9b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
3900fff8401fa2b85c063e9fbf172696

SHA1
1c98ae3d6b971ebe87ee51a5cf189f1a8883b9fa

SHA256
49bcfbfc9f1da71aac1426baa28b48b433a9e043b8e2fa5c1f5fec7b3af8dc93

SHA512
6ab0d28f8e802eaba7c63375125e80b5fe560d44e5ef90482e9acc4cd130bd6e5bd41af48f0aa36c33514f5d4876fa4ac5551ae98c2869db798ded5dcff72a7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
6467e3416ca6d47b74779f3343502c6b

SHA1
2dd928f5eaf56eaa33dda721ff89e3b91e6be3cd

SHA256
2c7aa4fbb6487ff64446281f6a17bf80c63422c7feb1d7715ce41d77404a15c4

SHA512
ad6fd150818ea2f55508d07ddbbb9d961917bf580733536e9ad4badcf6465687e34e264ce6e1dec3c2a1addd1647812215c627ce45d927b640dfb929865e53bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
be9c29143b394d8f130cb500f422f9fd

SHA1
a6fff9438a29829b6e958a0b4327b405f0764cf7

SHA256
5279c10e7b069b8ed0d2a20d6dcf8a6f8c16f275407aef9d2e77fa81925da490

SHA512
5dfb6a571a3220243c93a0523431d021bf3b59ec74f9340120b05d6f8b847761b15a15da075ef346aca8d4707065b6195f6cb5518f057ae395b70ddccffd11b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a45690baf4f6b2933221e0c907063b35

SHA1
86cf5feeb03d62fa8dbf8939415cd6ccac7eb653

SHA256
eff66c7ce026309e833c934b8059bf2c5b6602e2a3f0392e94905b7e25e13417

SHA512
a419efa7e9b632250abac4bc80cfee650ac25ac09a0cbb8fa080d65bca51a075e975b5efb405c19a16e0e09cf382dddc5c4b46f9866e9bc76da929cc91bd0770

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
9105186234bbe35fe4f493cf169698cc

SHA1
225f61be453493e6013941181f30aaf8b6aaafbb

SHA256
193463f81e0c52c3ae6c47c9eaa1e062c18302d22fc24e2d39b9c69855318fdb

SHA512
07ab1eeb395114de845ac04dd1a359b83ec15f6341ec0397a40310690a2585eecc2c51528328de2d724e3b22b10353ece60853ad93d933f370b9300c1b44b7b3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f54da7d0b87d4b924024326b9c9b57ac

SHA1
8db9b692565c033c00c6db739ab1889b7818bff0

SHA256
3ecbb3fa2dda6cf7e069f47d663c59a652b0f0a4a142ea9185a340c9ae6a4485

SHA512
ff81243cd07f1a7494ea8badb099e8def2b571d1a416eb067a233f6d7abfa630cd8166398eca018f3d1c3e077b7ff5116b7d831d8db97a1f18d6ed829c935769

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
e1a525857dd0cac905d007ccb6392db1

SHA1
76b23e5b65aebefae8d84dfdd0fea8a2f696d907

SHA256
734971138cf29fb3e5cf902aed92732a56cbfe98b3b3a5bcc384dec8899e166f

SHA512
0559f195804380ebc22ad42d1e0cd52cfe3da8b908cd5c1fa7bd0ccce4755dbe70302da962070030cbcb215cba021437984f725a4f075c0ab46ed03c02c30435

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
59be08519c787cec6827fd2c3c0696ec

SHA1
3271061275722b1b929ccd740b71343b305acd43

SHA256
775cd201e577d8665bc2a398635e2b4a2d10a5bb874d33cce05c3932df30f743

SHA512
ba9ffa2801959d8abfaed2f16acd318917031cc3bd5c31e5cba60e54a8569fcce3b24ddebc363a9dacbe356dd34a924f4f83267327146d63c3994e2f02ed54f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b22c861dd886cc1a8a31f02ba5b43ea7

SHA1
c6456b998e9e12da77f1d4b890bd664292461b4f

SHA256
d41c70be65b2a1b0af26af8853b8f4538067f98d0ca8d009d9f5d619110be19e

SHA512
40e9d96b6408096e2f96fcad2203e31274ad9cb9d950c94fb1bc418b5130619eb97892d276d3c416a5c8153e9f5b6736daa1165885fffd21121d8aaf48387d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
55af21a8f71838600dc7766653c33827

SHA1
b5c55a54d96e2e0ad8085a7d377aa93f66ff84aa

SHA256
cb1b0d9d8f05ec5e58164e2a836611b8d00877e925c4d81c6a0e131a4985834e

SHA512
b7b0b32ee1ce07bda113a74e5c9886fcfe583acaea839a031208ba99676343daec1e72a28701b173b0c70a64244e6797f3e4b73b55abbb7b3802af41c2673b70

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
0cb29f8c6d6e4dfba598ba80930f3979

SHA1
ac0494c756f05f96f451a3613b9b0b0f68df1934

SHA256
974c0687f7f83ee707bc5c0273f4b42e96cb02dd0d47650291a20a3dc25490b2

SHA512
929a5a0fb5b5d9fbdc879b8e9cbc370baa90a3a0d53712408273b1b3e30bd7c8e86d14a6ec1c9b769a75ab25692ff81158a0e8f6d893514a470dbea2f67705a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3b09874ef945fc807fd1e29a3d9d3189

SHA1
a54dee551d9e1f6000b147b1ebba77a789d9906e

SHA256
1bf49276173fd57317d0061d18d077bb89e036f587ade25eab0d95ee247b18d6

SHA512
6da928b3d6226744dd065620f07f9a080575271522df29f43fe38dec32a830cd89e2c50ce7ee2f71ddc68aca02e393a4807298337fa9444bf1fd456ba75b48fc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
12abeec0b7203e00431da7f6e0d51be6

SHA1
2b5135ae81143c345d5add6d41ab3f82e4bc6fad

SHA256
48db7c899a9c03040520936df7a09587d551b6385cafaf8110c9b43085cd2f6d

SHA512
a66b6720dbbff954cbf677bc361d7e6110a06b334a775df36f5fff53ef035ab4131ca9cecf645caa1a1efa16117a63f302d6349575243164ae251e3e182838d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
c0c88d4b126a7bab5f1c15a163a34aec

SHA1
24ef4816b5673660a646f7be2a8e4a97fcbda823

SHA256
98e7722e544ed2fa07e5aa7de29dd6775274fb37aa2873a274a5de0f8966c4d4

SHA512
11bc881f823d73f99bc56a78b8b25a695b45ddeb17abac2d6a86cfc0648b5d5c8963c4c1f310b76e475c7d668c9f6e2fc79ebbf45e66dcbb6f179803279f0dbe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ffbe5e9d0f70be3f4c42d021e2c8f18c

SHA1
ec3730682907dd409447562ffb5ce9ea7095597a

SHA256
217c2276ce8ec290431225d49ea64eaaa281ceec728aa26e6417ab4c42b785ea

SHA512
0c4b919ee231b345fbe199c4a8ecf3b50d28818e36fc4dc590b8f8799a6223f1a3895a54b0e7d0bf23da20dff43e21c8cc295a5008a9473d1bd437d5acac1b3c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
3f1e335f6d0fa346de0973b4ae2475c7

SHA1
9bdfcd3b67361d269ac2eec6039bb54a013eb186

SHA256
26bb1f27fc80dbf9b4f8269933e73c535a1cc0863ad331f294bf263a1931c50c

SHA512
a519ee82b7d46c959b815865e144120bcef1c9e7cbc171d87c2563cfb9867496ea4ae0f372bad9db9568421462ccf710a7e58c6d3d3bcfccbeae3eb495224d5f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b88877eba83d0390c60c24ad6d6c52aa

SHA1
b494c2e4ab418c2070ed43edc398bed4edc04799

SHA256
fd7ea3606a08b1dc338abc374dbdb8445395a2b9cab37d00c101fb3504fe37e1

SHA512
59b069d315774e88bcd7d0940b0b4e88f8bd50d4be71849df5549ae00b6a6c2c9458907391a41914ee3ce37f3a452a88445a9a852289fc19529819d0c4eaf7b5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f58ae66143c022a4ccccee75bbdeb5f3

SHA1
00e0d4bf0b368ce63ebf80ec410afd5b3333fe70

SHA256
fab9867e729ba5b754d53416cb6d4b98e7ae10f58d049455c96a6d5a825cf159

SHA512
56c43216c7dc391a33eabc6cda4f56dcc305a4dce9b300a92c550c7bc3e3038ace32dab3027e7d03917fc976febe3875ff11f9ba91c7a7c41e86a84fe3fb0579

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0c49188cbe0a2e65fd583f5fe104e030

SHA1
86c0e5847dd362c7255ed2415e28f2fd5c615b8c

SHA256
d65e3c610cce7d51bf731b7ba0fdc85f8f5db932e8c24843d22a4ecb34af1414

SHA512
664c123066fe074bc6359d5b55d053805086e9836380538f47297cedb41ddd7cef7fe5f857e34e29c404bbdf3d04db1dbd2a9b49604f332c2d2c83be64650e6d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
eb1749f43727090ade0dcac4bd7e6ac3

SHA1
3310f572ad54f6f3b6c6d6cbdc0ecdd7d9b00557

SHA256
2eec07faa711ab47a5d4733bdf57730771045d3b3fac191857771d2512606f67

SHA512
5e6b1f5da75f900eda0813cb584a959c0f7095c1fe3a8c82edeb88fe03c0b29b029152c42cf138b470c5a0dd97a257338286c972a0368afeb5a7a18b2c6fea74

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
5cd1e5a245bfa2b0445956f4b37af769

SHA1
33e8721ab00b932b4923a5affeb4c9e24fb7e5bb

SHA256
cc89134f39e0224978b9a7f66e352748e27b4cfcadbf8eb99b1d2a87f7c996a5

SHA512
df95f149f28585ab4461b6bb4cc945d0eeee7dc8bb08fb179c9322a5a899ea221c9857c9007f9e470d296109933d0e12efa9bd7f2b1ea2e845b5044aabb0c1ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
da6709318d200bd124fc8afe6bed08fa

SHA1
0c177ab98c87085fba066cff35bc560f2a09f026

SHA256
39fb5088a985437e813b8bc5b208189207c56e757e750f4e870525c5969c5d0e

SHA512
a7c3c5c9326b101ec27cbf09ddc13a25a3bee826546f454d4c02f1d97642c2b699d5a5e5babe5ac7679dc6e697193cbe65852634c9b36079e269a5a867f2c554

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
d1d71a959cb8a0e39c0059a8a4f8259a

SHA1
b5066363a6d4fbbf1e7cb2992ec21c4027313823

SHA256
fb2fd7a0d35633854568351edfd70362f30bac6fe4f51031cd9126e57f9fb4bc

SHA512
a3cdc10c5f7ebe8cde99d83fd168c4631f6431c909b22a2d0cf7bece8ea40973cb7986ef2e8110bb6e35be10349da8db6956ba5c9e6fc57b5dc4ffae0c4ed0d2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
9651f27c94448b0d879807021ee61299

SHA1
b32a5fe97b31fcdb9226d93096d2ae2830b76598

SHA256
897f5f1a017744e6ed49e5840e37774e1c603c767f37064975ac180c18b7d8ca

SHA512
a818913b0384e35b1585cb8ed62609413d7b23c055e801cb751cfbe1171ef9d11d3fa1e7541f971ee849630c587d068fc85ad90fde3f4a52c86caba444b9e204

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7966da41cb2d43bb4f1fd72eb6d484d1

SHA1
a1a4d7436d1165fe53d927a73457a5d00d15caf2

SHA256
42ec5257f352c1eecebef9b4cb038a2e56061f6db363511194cec1be30d59e18

SHA512
b80cee309c3aaca447d27a07ededd0d30804d2f8d4f2016a275e924008aa574ba70c1ae83638df52ea64682add9a821b9ccb3fdd45c2df6b12763780942fbf73

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
627fb85b4d8d00bc5d5de35d2632a835

SHA1
56bf1af1652a4959be31cc0cbfc53bd8349faca7

SHA256
4001d55ab1c6300b664215a882725afe5e41ab91119a2987ae83c6b1cfe73e1e

SHA512
a450848a4194d0de96aa05280dbb596edbdd139171370af0d172bb0e0cc7d5169438d558efa4a71524836f1b44231859220d6628736acb394b46f9ede0270cb9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
69d11eabc0499803239821591e3e1bb8

SHA1
40c4da3b9057e90fab060dd9015d06f461ecceda

SHA256
5c4a84e1110686c41addf8abc7c1be3851918a3cf23d314f5a56cd04075ab577

SHA512
a3486b455acd04c8cb90a21e7991e1ee589a436dbfad819ab468d0e31c28c4c9a727f56658b1072af6395b01a8fa2c0c57643b96a493a6764b066832dcba3032

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c90be9f81e42ae9657485f77a0ebc72a

SHA1
dfa0005fe995ce152410c523d1247269752f633e

SHA256
0ca1fd0830f931e1a86351f65a391fb32aba53bf7de5f11de7b37b64425835ae

SHA512
e29c10f877870c9167da1bf5c459269b4a0b7fa1a5a42776af14a0ad2329b6b62eca6942144a62842c7871c53166d7305921a4325faf90367abafdab44b3d870

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
885e4879ba98aa1f6cd87b989ce23a52

SHA1
f1928c037aa94cc45bf212edb0360f9b1ec57cb5

SHA256
48115c96b50599a38db15f9aadb555264ac4b130b7e4f0ba13ee470b75616a51

SHA512
a2c6e97eb4162556b9abdce229e6416fa4510c33ca70a123afd64b8259d2bc7a57eea565669ae0d340f87ebe08755076a1016aecfdd260a4b258610354c4b33f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ef15bd010b1cc47ad06e2a54459b0ccd

SHA1
ee99e297cc301667b1d959d885ee35f9cdf93d80

SHA256
1ba3b14a326dff55f3c7032da4c46fbf1fc11e1b647c307c9b7869150e9e6c95

SHA512
e5e518c9412867016292e2cfe6249ac75a0812a08963987bc3b9a7c7fc57492e9e6f418fb588b010529ea79059a5c95a55aac1bd5d212bae158d729f512cf87c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
08511588c764846c174a1d943a8a2b85

SHA1
e92d8c22d384968ff8667daddbb56775129727ba

SHA256
8ab748c96db0c20841dd6f5f55d00f7ec00c99a9fe40708d61eacdf76a6784f2

SHA512
cc8c510f28d1b7ff3a16b4574c8b0b85b4081b68f698901c683f6a8641b1bc7446f77b0649fd999475ad09f1856ed581eca7e70cd32306b5cf50657f5428f935

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
c3d18788876f25d20b38c68bfe769c7a

SHA1
825f7e45408bec2382c12532df82f7b54db42069

SHA256
88493f0e2bd69b4749349a36571cbe7b1731374ca390ec086d76eb6d38d93cd2

SHA512
ba862cddd7097fa3629e9dcfd8849b95b22f5b642ccd585271726a8ee6a546fd38b273104490b642bc079aff649a2dfa20b405e0ebcd85a655a1b4abc836a0e1

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
500KB

MD5
1b24107c65331bd345824657e63ac30b

SHA1
9dcc11e7252488266d4e3f0a6f91b9bd5ab7f7a4

SHA256
50e25be03315cf2f0c4d7f193d092dde70128b3d2ad7dfb601357cbf1d922855

SHA512
58b11ab4ce4f7153f499e7b11530d4661f669e245c079dc8ea36268e812c933cd6020d70dce4b0b7a2e4c356fb0577cf39de848da1de6252982eaf0080ac888b

Download Submit
C:\Windows\SysWOW64\notepad.exe.exe

Filesize
1.3MB

MD5
509dec8196a1f6573477e32e0285e27a

SHA1
6127ba46b976cac8b9b5a12153eb52ac4c9d25e7

SHA256
f6755f93c92b203a3636f474857f9e582e38304761f1cea56a26ddae0b9d8aed

SHA512
0b05b1a5e025fa960f9e9c4c625cb6a05a3adc704d9bfc30861e78fbb03436ecf725d8a92305964988cf8a8b5a0ee0d72d893db695aca08c074fabe2780e3598

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
memory/632-0-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/632-15-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-114-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-82-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-10-0x0000000001F70000-0x0000000001F71000-memory.dmp

Filesize
4KB

Download
memory/4164-194-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-144-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-124-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-60-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-184-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-134-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-154-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-102-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-70-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-72-0x0000000001F70000-0x0000000001F71000-memory.dmp

Filesize
4KB

Download
memory/4164-174-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-164-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4164-90-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-153-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-183-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-81-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-163-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-89-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-101-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-71-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/4236-169-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-113-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-69-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-123-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-59-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-193-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-143-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-131-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4236-5-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download