05c4f0504bac495cc9ec6b30355c01bb3574dcf24ebf5f73ce2bd68316b0d492

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
Size

677KB
MD5

6ae36280ba9af6694960de5bb55aad9a
SHA1

24ae746e94b195dbef2079f89db9346e2695b14e
SHA256

05c4f0504bac495cc9ec6b30355c01bb3574dcf24ebf5f73ce2bd68316b0d492
SHA512

56b71d8cd15b1cad6f56f6d237b5ce2eb3dabc12b591524da4fa9bde1a80dd5376bd4c162645debc9ec2ed1dac5e470a6af3042a2649362f3c8cb532f9870bc2
SSDEEP

12288:ZMMpXKb0hNGh1kG0HWnAHU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtle:ZMMpXS0hN0V0HzSGB2uJ2s4otqFCJrW9

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.exe	aspack_v212_v242
F:\$RECYCLE.BIN\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.exe	aspack_v212_v242
F:\AutoRun.exe	aspack_v212_v242

Drops startup file 3 IoCs

Processes:

HelpMe.exe6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

3592 HelpMe.exe

pid	process
3592	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened (read-only)	\??\N:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\S:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\T:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\G:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\O:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\E:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\I:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\J:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\M:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\P:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\W:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\K:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\Y:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\Z:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\V:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\B:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\H:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\L:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\A:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\Q:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\R:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\U:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\X:	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	F:\AUTORUN.INF	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

Processes:

6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe

description	pid	process	target process
PID 4612 wrote to memory of 3592	4612	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe	HelpMe.exe
PID 4612 wrote to memory of 3592	4612	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe	HelpMe.exe
PID 4612 wrote to memory of 3592	4612	6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4612

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:3592

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.exe
Filesize
678KB

MD5
c4fd4aaade66e2fad9627ebda087217d

SHA1
ef31913de86d7faf25a50535f78df1cff4850523

SHA256
9cee6f802ebf4cff61911a820d1ae3547c35d759527eec247013d43e452834f9

SHA512
ca10ce73d0c945b0b7dce8c508c164b54ba844d503c51a626cc1de1b006587804ea0f8712d3efcd4770058dbbac49f592e4203c0a8a777299912cfecb54f238c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
71aa6d1bea3ee601c9bec3efd23f34d7

SHA1
04eb5e2165e5ad642a5fe253f9a29ebc68388e68

SHA256
50831f41bbd4ce480144932c1de060f618571a2a0543bfdff1c8001dda140e05

SHA512
d850a263dc32d2dbb6137344d4cf35fda8fb8643124389ba227bfbaa65a6432e0a52a207362f2bef8499c7710f7697a09f52a3fc18eed977572ce6b5f1691d71

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
1289d12f62902f3b66d6cf7cbde0cff9

SHA1
edf0e79b2b3f7d0f03cf0ec325b1448aa56ea8d0

SHA256
4eeffd6d3b269988c48e2e6abb68d13d46d50689c8e819061453b88758a8517c

SHA512
1e556cb20041a349e00d3fbbae133e3e8a38d61d85c845ece0ce2f9f234749ab815a5f50eb3c2ee52103889b7534fd402b287ae91551005700d8aaaa1925e641

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
811a22f4f6bcf42d02f5677506b9928d

SHA1
2f2b6ca3483a2b754866af6da96b03aebc40994c

SHA256
dee6b466bd24058c11b09712915755bf2522e53c35e019b2890b296fccef0c32

SHA512
dadeb4c6422f31b955aae96273cdec12e2e4f2a8b5032740a821068407de9c7805223a0ca3dbcd04cf683ad341813ba00f3bdff164daa6ca289f9e9f4cd160a8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
508c637162ea2d89a55fe633d32e2e39

SHA1
3efd82251f86f8bef7b1155b136a46ff0aeece10

SHA256
bf9ebb657269770ed100506e02a4e358dd01463981cff15c11e356c108e0288f

SHA512
e2e2d662d48c6c8602f243b5e244989cad56db817a483cdec0fccf17c27eb4015dcd43a9464533b62475c85c4ed1724696f4b87377ecd1f3d3506be931329eac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
fe87af2ffa9d1b9a874bad35c382c7dd

SHA1
ace3d7494e2414815767dd6d56dd529b32193353

SHA256
532d0f0f9b1749a2fa427cb6a19120550985852323819217cf2e506573c5b4e7

SHA512
64e33f0db44670301d00aae8427e007b121fd9105771dd109e748673917aa9384c532ee7a1c7c4cdee5a95170681e841c23b7648f65fb48753f54461b04371f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
98a5b301214b445d03072c5583627853

SHA1
39a8efb8a3386c4a56be28017f19dd38641243b8

SHA256
886e786d3e7489cf981c2beabf141d401e19c78f093da38f6bd0c0b15bd07189

SHA512
e2ed18e47da8fdc588723a21537292148bb3aa121152c40e6ee2a2034e9ee3f6a5015d330c699d12097a01456bd92e63bcb5d3bfc0a3be867f8ee20ef96b6297

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
72a5e92e1f682dca82559f08aafdd162

SHA1
ee597cc1eeab38318902ffe82248f8f2c98d7e3b

SHA256
8aedf1c208d4059d2f8a97c4461fa00b545fd50b34da3cca16f24b1fbbbf584f

SHA512
e8a475dc20f3d16f09a7f165f11c3b09340ffb8a04fdea7f98faeda086d97fc93569082c5f7e760917a584d34eedbf07a76313ffbd8bbe53080e702f86f9ef1b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
ebb3c55b1bb1b348adb0032c1cf22759

SHA1
dca0a551e04fd36ae77c2ebbb9ef2aa8a077bedc

SHA256
63b5f97232c9030ee7fdb899493b58947eb216ced9f3395e68a9414c23223069

SHA512
27b0ebed41ffee24e65da7ae4efac1e492611b45d62df4a03cebcbb2806eae019390373a5f57fdf95c2febf75c0ff6bcbddb086662426e554f19c758ae8b9bed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
8f0159e8b2583622ab49148bd3fa132b

SHA1
723b1b6df14cd0e8b60e711e44cb237550df2ae0

SHA256
53623669902dd32b5f102e14abdceb01d9be3af9c2a1298e45b218574621e31b

SHA512
eaf5cb05abe22798eacbd987723ebd7c637d23f65d59407f63f5f776868daec57ac5cc4dfca6b770c8321cfc805d48d67416e9032afaeb75ea59d03d9750a2bc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
786b3a84494d6f493d11c8caf3d6cd8f

SHA1
d48dddcbd0d875fd71c17597f1cf571f7d1d1d1f

SHA256
a83893c3448aeb963cfe0a4e447d3bc02a70e6bdda702f4308a6912788fe4a5d

SHA512
e5944bcdfd05c245ca0916c0de764afbfd554559cf038c40be1515680a3d4f6d126c1734bf4754d25322e542a031af1d6a9401ffe4ce6ae527d80c2f5660be91

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e38f18b9e2bdff84189d402e68bc8e4e

SHA1
01a12e784ce2d7c50bc9d472224df8525fa34bbe

SHA256
8fe3308a88dc6ad1dd00d8d57f46daed236d90edaa1bc0965ed06e40caf60600

SHA512
4731164a76776c97c4077c415e3e122dafa54c7c1501d41be36855a6da95ae3f585645acf6aaac8a6eab5e1b8499231c016f64ad8b7a7db65713e1db7d648a59

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
0a3768963b98baf7c2bb8daf0bf72a9c

SHA1
6a43c61505a17aea2f76dce6655698fb547a78da

SHA256
c45b9e6db967682f7f02a50269de48f93bd504dba9ca4ff8830f1fa55512053e

SHA512
e6355c3dffaecaaf8be09ba62f360a65c0e66e8f39f4866be975497dd2cb7fbe365bda71a7cefb92b4034601d586162cd8a5a34d37662faa159581069b28d285

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3bda68f619e0048957fbf07886ac8a39

SHA1
e23310a02483b3bfe646db577f22f678e4ff13a3

SHA256
274c89c4c990647ccd5363a1c4e9571c9692b99ee3e46f8845c763f10afc200a

SHA512
440ff595ac1e30f108cf4e394dfe13ced0644c511c042f80004d379e3d367587676a4c2b5ad85edf8d1e9b6f61bed67e004627656c3c10f135c54980c189aa56

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
6a3b9a905858e0eabac3977ddb21622a

SHA1
59a86535d891d78f90cde0e5e166955b647f3b2f

SHA256
7bcbf391b8b18533e27e433dec445d3832d9725398fcceebbc01aa5ab1f90d17

SHA512
c5a4756c6fc788692afc5b07e0f141adec2e67de7f4873f551df8ac217d6042ea7fef5ba0849c73deb8427f8906fba65e8ee7547ad9847ac17ae2eb7b59881fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
303b17fc32ff0c3e324fd27bca79c259

SHA1
fc3520b6eb6b441b0592fff2853b54ecc1d60e39

SHA256
ea1a333aa90c70fde1bebabb131d8ab6f8830cc9f2d979d561196d3448e3641a

SHA512
d02dcfd0578a08ca6fa8e00e7104ef36d0bc0b93a1ba6429318c836fca0c6c3cd65c70ad297cdcdd5b116e3b381dc6aedb9acd0b61e6f1fd43c78d77c3a115f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
9bdb3a2838ecb15e98b6dbeb800ee55e

SHA1
e9532a62e47f299233516d45ac134ead8acfcd38

SHA256
c9abce5d06ad96a1c9a5efe1ad74f2b164ec4075e5d0d4929ad999961d096b24

SHA512
0b5448ba2da4c83402c28a94a83549cea14361ae3543de92e0947b34e508130652b6f0396bb6458684079f6726bd4fa5b08200bebb5ea88e253ef508573271a7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3e02a99f4f81245d7d9599a113ed24b1

SHA1
a65b9c9e5c348c40ea1dac6d8dcf63a4c1cd9ca0

SHA256
bcaf06f8ab886de97633a549b5d03270b1633d2f3ba8836bc967fe5a750cbfbe

SHA512
46c2b5d766d054a76ea5eebfa051be31120a1445c21dd495466a21352fe01bafd03ad3f78304feb122506b85989dc34d20f1e4765a6471da955fe85d90d1c356

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
760db412e4b229b8c8bf267c99b0703c

SHA1
2c92ae19a05809f5755a81273bf835b14555aaed

SHA256
b30b0921ba77e4af29844c517ac5c708ccef89939c97ee3ce474599f528d88d4

SHA512
db8746d1c84c07fca8bc828bb4edeb9aab2205cadc6285ffebec331685a87086edf1aa3ca48719ce989a165947e17d10be1b090144c85438733026b8613a0b54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
adc162c39fa103f70acd9c4c78ac5a76

SHA1
7e6208327f2b3dc5e68beb54df2f9a514f81242b

SHA256
9f1a6a0223a70826f836cc18597d2eea4e8b7f50a4fb6bce4fabbde73c188247

SHA512
a8ec7a1bbf8ddcc87f3b97283ca6a90c290ce976b14d21fc626b213a45597702c7e36a072257a8bd08a0799ffae1dd74b2c424aa3a70819c9e834be1505fe055

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
8c1c7ca66915d9b21702d0f6dff7e76f

SHA1
d7fde4f04dbba8abe47f07490be87edf0f338634

SHA256
8621112ab6d8378b2c0b619cf136556fe0afd236bc17161907feb421a6725eb4

SHA512
8bd4761fba681cc22301bc42376541eb943f68986b6f2b3a506e67fb513deb5fc203aa75ad37c1423a83a7c8cafe6009310bcbe37b6025b084ea95a40ec4002e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d0411649f4234e9e15bfbaabd4aea9c1

SHA1
390c4d9617e6815d8f79d8ad5baea8d143f58a3f

SHA256
c7bfbc287aed3b61ec4a8cc8680fdc1b60c663bff15611b59b1d6b3145d87b8d

SHA512
be2f5185d4f1129e945e7c484f337fd7ca40ec4fabaf1c08e290bd8b980bb54a7ebbe1e4e2cead238a7239ffa7a4897aad968408661752f7a4c75fb398d6c8a7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
2c405e91f9dd299344093bc392dbb3f5

SHA1
8d0657f3c29ae73097e9e625d58de894ec34acd1

SHA256
000b2b2671f3bec5311d469444c203d1dfdfe1ca952ff2bd14d82d2d913a61e9

SHA512
b8ae0d37f9895e9f977142f599ef85bac9edccbe2214502e8cf7e257fdb128d7f70ecd0ee3faef4bf94ea9f78db782efffed2f4db774f079d2672f329f7e5a49

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
991c1ecc4a9abe28dff8c32de474ebf6

SHA1
49ee191c058328253e247f860f620e7e179c5e58

SHA256
39d6da20b46d80682b5f7205a0ad9865be7587efac5291f3ebe0d15760d7194e

SHA512
8a1b13e9223cc1b544c2899e77eea45171d72427c19113505d655974711ac39c5d3669f535bffe41ed2c5a91ae3d052b98d9234b6a47e11995d9b2a9765cc23e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
288de62d485b416872421b1312077415

SHA1
c687441000ceb8252e9b4c2f0be8dad9f4b6ee29

SHA256
77fec684d6351768b566b12cc2b4f7ad465028f7215d1786c7cf69a7d367a12d

SHA512
eb550e1943ca462c64ebcaa7357eae670364f39eef97b86db41ff1ffd611bd1a4e07fba2379b98e52a2b1b9a215210cf7b38d45349fb99d524fe9a91a51b72f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
ec6ec645ec711e4825b73b88d26586cf

SHA1
3145110858106e9ff31dfe14420b8e852d2e40fd

SHA256
42996683fa74cd9fee929c13d60a0139b0deb919f06353e86b1c395ebbe8e320

SHA512
bb56a8b8b75fb7b13083c9fb72740020fd6c1a91b56cd6333f8e854187e9f35117b92dd92f55b45c5afa5ed352b493b8c0fdbd29ab922ddbfa826694ce90436d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a0ee22bd56107afd2c4965d02d56cfce

SHA1
6c8d9d91b42de75f57f263327afe7977014f75fc

SHA256
4b9c0aab235b525bee4429503098a2c0a6cce62ab5f136fbb1510e75809a3311

SHA512
706e7690c947d990c27fad24122ce251deb1f6c3b0389cdbead0641c579b37c6989e10c7843a0186945757089fe9e42b81e1fe2119b7b25ddf819191490761a7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
d3cbe0af7bae57b7dc4a1048b65b0483

SHA1
76fe320e670cfc3f32302f04351802f5defdca08

SHA256
e946a79a992655e9de9e93e523e532b7559f62196a4aa8894510ab9f5507efd9

SHA512
400528897ed25f9732ffcf77cd407a50d309dc7a104154ca517250a6467bdcc0a70fd374730180a9fe7e0c0539f2656272862b9b6e6297c1b2e1b2883e85464b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
1e555e406e040aa8c1207353966db4e0

SHA1
23f18c061b597634bed6aaf9d0d12894e1db839e

SHA256
de914c37fe68690657a06900afc99cc8958550118c9919aaebd279f76c5ad1e5

SHA512
77dac5c92bb8ec0a84a9386278f5a0ed23a404c06a06d29d63e822c3c9d9b88b1851fedadb6da6072f68234e3f958b800dea0a51a3c7bc69809a64cae4b875e8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
8035c16f814ae051cd1a1d0372505778

SHA1
432a2169dde31421229ff5cf686aa9969f0d599d

SHA256
a7c008b9bd077321e3b396dae9602c7edbd081fe9d0f1bba63fb1d226db54dc0

SHA512
ddd5c8b00526adb7e6c1799d840c32de7f2390cd78e84914698a75df0f8217058bf61c93f8444dc7515303686e28319bb5c19f445d598738d5b34b2e721e24a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
10862f3d4474563d0cb1a8897725f7e4

SHA1
0bf463a7c223a876747da0febe71b47bf7bbf726

SHA256
09a934d6b9680e81da80347a90b1cd5b5e7fcf07feb6769c6cef7ebaef1ae096

SHA512
65b3e5f21b51abefb097d8bec1cda37ed745dbd4581df45c9ff07228c4804870de0bd8b5d9efcbabd3fdaf53c23b7ff7d14416bb3da49814f5bc6e78cf3ebafc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d28ff51e60ad67aba49d4d37f02e297d

SHA1
b6cc9adc9eb34e0ee9fc0a238290f3174f6a9cad

SHA256
79dcb00d590e7c606a40f08c68bd65c36bdb057c6db780d177038c93dc9b647c

SHA512
f3e2602b6788422d7bc93261771b33736d2e0d4ba2466f3024e2d6a4b4b20013005aac001bf1a36ece0052e8c8cd92f91d2c65256b4f5aed4575ff6b61bd174b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
1df3abcbe3b59c58c55950245eabfec7

SHA1
7e6781defa9177e1c8381be3c0bed112ce5db5f1

SHA256
7ba9d22538af65091f5a9e407f64ed931bdc45d801324e41cce90f2e88faf075

SHA512
221397a67329c619dc852982f40642d622b1add2d6aed11376ec431c869d73a4e85788ef511ba2578ce4014d820e97c73fb65e31a33c052f89817400dd0c0f18

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
7ee7d0bb80b783ab47e512f837054f54

SHA1
7c096435f287d8e62407f132ccc06b652becdbc6

SHA256
d2670d3cb75030580791ee2a4119bc992c49a3d510bd025282719cf1342926d9

SHA512
49cc24d0f62e3ee7770d996e9fab0385fe36730a59629e7435db9dcf92fc7b7f963b252229a58a9c51aec9f0fe9d2b82344c2ded173cfe5bd3ef29878f27733f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
97d8801676eb1b3e15080a44a2151843

SHA1
8791fa04d5d38740c919071c57101e3561691423

SHA256
df64501342b0004812ed9853ff0efd63751742eb34447a79c1c483e03721d395

SHA512
d2baaafe85ebe427ece3ca386e7378d1ee460b0418fbb4fe8c7ebdbed54ba4e349fb354d8f9c5acf295b22d3ce5ab8d35200884db5adbebad78851f0e40631b4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
f70de5ddf756f56282cac7e9b33952bc

SHA1
324b4b4f58ea3e399bf12822fdb54faa2b9d22d0

SHA256
037892815050e20470e44ced8660928fbe2244347fea43d3ce03853248ebedc5

SHA512
44267545c3ac00ca59f1ba151debbb5755afcae248b714dc5854ad46f7be8732784457197d7c3d17ee261f3089862534501e498cb8dba57e657c82745bce452b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
35971684f2d35a6b97efe7b16b2586ac

SHA1
4f1454b8fe0a11587ff16b725af86b698b3deab0

SHA256
40f5a8d71d944a67fb0d3e20c5d3d2e279cee9144046bdf4480ca8dcf1c697bc

SHA512
4d17ea1e3a1bcbe69731705db97ccb6cd3e5eb357e7ca22c97df44b31f508b07deec4aac15be70e045b6b915ae2abf4b4ed29ad145f89fbd927acdd1fd6e8867

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d2203c8ec76f9875e1ba0b66b950ef17

SHA1
77893aaff6340e56f268d117192c102430ec1ea1

SHA256
d0167c7674359654f93206ee2b6bfecb0c7c3fdceea905e08b34e9df3ad81efd

SHA512
f3df9c6feb91b082a45dcde6f7a19d214131b3b037cf91bde68804dc3af240e14c0322879169908d3d42430177523e89f540a50a8bc25c0d33a34861fbfc187e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
1c1c3048a889ad1d1e499707c87e7915

SHA1
3ced90db4ed8d8fc1b489198934699df27ab92ea

SHA256
fbeba8ac0a5f6580b8643d318d2248c2ae762b456d95141a5996ae78870b5ae6

SHA512
5e4da3feca96df929c3e83266684646961f7cc01b2b38e7a94231d5a141f73a16a4e1119e8e4622bd927393bc6277fe5b90004e89f43bacb344e39d7732b0ecb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
316a2d929ec954b80bd52f9c96f52534

SHA1
2fd4c81dd098c9a68217fe24e1f0266dd2fd3c92

SHA256
2464d969d93f1c09c2705e87a8a60e9a688cab92146f42e41b553bf7e9b018dd

SHA512
889a1b3a7275c0f8ea48f10b9640e196e09e887eb01f4a6d18ccd1e0d4eb490ab34246f0bd8bd716ec157c9a29eda285419b166eb59a5c503efa85a7463f479b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
183e49bcd2eeda3bea6a53d7fbe51713

SHA1
6d79d59f6b741c4df9bc1a07be42137f67b14bf1

SHA256
66a631ee3b5fe3631ce6a85c1af2352ed5807c2d65f921a9d39449661f8df85b

SHA512
0843813e347ae67a3b44d65e5b70342f6bb86162b8202f2f426d5033e45ffbe4d9886ba658d7a47204f84aef4cce5d16db9f6ce9206998e3c3b5f1c123a13bc7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3c4ffe13d539514f6637c5550945bc16

SHA1
49fdc137e33baef034e722d34e58bf5efd889945

SHA256
079adbdde5789ef4e281f6e8ece9e2faff5e41889654f386c84e2d9fe0512056

SHA512
4f27f4c9135a28ae2e44e7778f650644c316775bd0b9b06098fce1f254616b2131e81220f2df7707a62e18ffe34e4b0a43e5f87ca1d8f8948d2f67c800603ba0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1019B

MD5
7c97ae8e5f1ac7b488b000355a1845b3

SHA1
c867a3ccee6d23e3b778fa8e61b23d072359d7d8

SHA256
bda92881a3b628db5c0bc8eeff69b08d1240cac693398131365f1fcf3438b4b0

SHA512
82b33244817f7f5eda03772df209466c08dbd74def6a0c2b4af4f958819653ce6ec54d47629edf30f3acf342dbb5c2e4e436e7e564f781cb46dae4364b9f5f49

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
660KB

MD5
016169ea2344242b78031593b253b9b3

SHA1
7e382765b4082a0e04b0df26ea8e588668d58873

SHA256
31171ba31d85fefbc894e14478029b56d2e3cc5bb9c3b63310011a568578d58c

SHA512
7b10a0889de6ba892caca557f2db7b3cc83bb9109e255c012420cce0ee715eb1a0c918a7eaff5327756b5eccc6e728db146fda6d0b21c1c03f89706357bb0182

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.exe
Filesize
678KB

MD5
3f7133d8b8a99d467f5604715672226c

SHA1
3cabaa84a87cc93b21efcdb5f85131ad377003d7

SHA256
17125868e39898c6c11b7f67c7c6126fe365e7455e0d737d95f3a285a3acc586

SHA512
e37d8a9f3accc0cb3753fc3d142aaae5e1cd318675c10f04b607e5064c71b072fc3d9552d6786d112366497b49274a738e13f0b294c758e0d272e2d43db73eb9

Download Submit
F:\AUTORUN.INF
Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe
Filesize
677KB

MD5
6ae36280ba9af6694960de5bb55aad9a

SHA1
24ae746e94b195dbef2079f89db9346e2695b14e

SHA256
05c4f0504bac495cc9ec6b30355c01bb3574dcf24ebf5f73ce2bd68316b0d492

SHA512
56b71d8cd15b1cad6f56f6d237b5ce2eb3dabc12b591524da4fa9bde1a80dd5376bd4c162645debc9ec2ed1dac5e470a6af3042a2649362f3c8cb532f9870bc2

Download Submit
memory/3592-68-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-5-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3592-150-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-120-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-110-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-130-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-175-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-166-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-48-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-78-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-88-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-140-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-155-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-58-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3592-100-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-129-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-149-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-99-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-154-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-57-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-139-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-87-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-0-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/4612-165-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-109-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-77-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-47-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-174-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-119-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4612-67-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download