c25d84c7ff7416d1dc1466ef04bb93079d96521ddca53b5f94f0e89446a1d9cb

Analysis

max time kernel
145s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
Size

819KB
MD5

6c21a45fe14032a24019a552ee571570
SHA1

0b73192ecf7502061b59d14808750eba47a71d90
SHA256

c25d84c7ff7416d1dc1466ef04bb93079d96521ddca53b5f94f0e89446a1d9cb
SHA512

0afc7f7ae971af6d1d2ac6041f9e218733517c775622cf770eb2ca1d622b5c812ba8db96fbf0fc84ed42fba19395f9d9dd7b8d38cd90afb39063d9340a07107d
SSDEEP

24576:ZMMpXS0hN0V0HZSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0N/:Kwi0L0qks

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

6c21a45fe14032a24019a552ee571570_JaffaCakes118.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.exe	aspack_v212_v242
F:\$RECYCLE.BIN\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.exe	aspack_v212_v242
F:\AutoRun.exe	aspack_v212_v242

Drops startup file 3 IoCs

Processes:

6c21a45fe14032a24019a552ee571570_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

1664 HelpMe.exe

pid	process
1664	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

6c21a45fe14032a24019a552ee571570_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened (read-only)	\??\I:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\N:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\M:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\V:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\B:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\L:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\S:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\Y:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\A:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\G:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\J:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\U:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\Z:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\E:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\K:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\O:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\P:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\H:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\Q:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\T:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\R:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\W:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\X:	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

6c21a45fe14032a24019a552ee571570_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	C:\AUTORUN.INF	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

Processes:

6c21a45fe14032a24019a552ee571570_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe

description	pid	process	target process
PID 2252 wrote to memory of 1664	2252	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe	HelpMe.exe
PID 2252 wrote to memory of 1664	2252	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe	HelpMe.exe
PID 2252 wrote to memory of 1664	2252	6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6c21a45fe14032a24019a552ee571570_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2252

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:1664

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.exe
Filesize
819KB

MD5
11a49b88e3d6a73c625a7a0d9b02294b

SHA1
725d4a1818be57558db632284ebd8477cbe8cbd7

SHA256
64df94f2f9f89b741aabed80778d55c81dd8f013cde75001ae2797b490e92c49

SHA512
69bc9cd0e4c8c7f90fa02c6ea7af93dd1afd76aa6a9f656690f0ed2850be7fc885b346590fe47b3d93e3a223204b1d36738d71e169396b6fa8ec8926de789937

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d33d9e7af4348074fb03f4a207cc98d4

SHA1
066ac564eb77a27ccefccfa2446ef3e9d86a2708

SHA256
c3b09f92eedc1f17bf313f1663a7ba89189c337631e9ac7d8667fca8d64e6c30

SHA512
64255bc67f13990c94e94ba4c891d2c65e480b85ab32a2b515d5fdce6329ebe3d681798f8c2683f28209d17a642a11dbc786317a10e928548861ec9aec1618ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
65a87c471b715d33e2d7edf837805821

SHA1
cda8372208b3696c7d72ef5dd0c67b569180a6e5

SHA256
1504d555de9bab30c56a1432ce223a5556577b40cbe97e14a032ea05cf89983b

SHA512
5faad826a9cf6c859e2dc62f3eedf37227c801d8965517a82edf752700c081664edbedbb1097748ed6eb3aad1db44e447b51c89b29debcaba1b83a175ad9e32f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
790055d583aa888fad058f8c6af1587b

SHA1
0629aae426755a79d72f7d994180f632cf516e72

SHA256
c280e8c794d1ee3285d975f0a83ade466b17995105d788e78c690ff1902732ea

SHA512
0889a226cb5c5979a49e363998b7102e5ab3b9c7dc1ce70d56a16c63a9ba8eb586d98d28af622daa9b2652821305cfbfe93890c3a1ea73c00d15dbb94b4eb5bc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
4b7345452f4550ad95d0e31f52b4b08f

SHA1
6f6704ad4897098ebd25a6ce542b7cb476909b98

SHA256
4e4c2951bd5fd1c66e578ce9080c887755055e1c670a751e90fc583fd62e7bf7

SHA512
3ff37e6d4cc86a06a3590eacace2365a32e2427626951d105cc8c92766679581f81942b94176924325e2033bbef7e2eda05fe54d0522a8cc0e4467fd86b25c70

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
1bff949a4223b79363620461491de173

SHA1
85611bd16824afbdc7d139ccbf4b87b4ae2d0042

SHA256
bf67df15d4868135efa375c0ae5c2cb127ba90ffa34a5b11cb0a7f4dcacb6595

SHA512
b3ebf40946e76c20becc906c8a81d57278fa30a1232757839e16778422febdf05c1e3f209f4a9a8dee70b16b62b1dd54e6d3ad85160201b85619d69999bd96fe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
1294ab9fd47e75c0abaf0430f6ffd258

SHA1
7dc6dccb0f6015243922594bc1514195cdccb04f

SHA256
0f5ee163a1554bd4a1aa090d2ec36c59328342d1c58b113c34e8c191b13c99a2

SHA512
cec2bad09d7eb30a28b7c21576f95d4e06575137a963dc393dd929f55db37a58bb69c547defe7ddd84fde48117854c2fe6856805c574cb4922c11cbb7ec57969

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
09215f39a47fcc47809a840bd257afc0

SHA1
d0189689d380f0174f27e500144e33a9164f19ee

SHA256
d3ea9919f4fa4c394802a9cbd71ed9bb499e322270ba9047fcb8c84b1827a757

SHA512
d526d8a3668d5e347f8b1cab05395100426f8a9088402cf2425ab795b8b49a1a0e0779fabcd82ce0d345ff064941a432fd99af21e03a205aef4eed2cd1ed71f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
481e9d6192ed6e3afefb3c86eeba0dbd

SHA1
059e03badc43487844a3c37a677866b4b6d6080d

SHA256
70fcd2961951ec219b35f609500a5ea75999f9bbbbabf31d4647ecc2a2436105

SHA512
c2ace03eed3709fbceb2894276dc02233e353b53723fab87cdb169f58ee61d9fa6d06ab13c67a7b40175498bc8eefc67517be3caecbc634f13a4dcba55cd17d7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a1a431404b93c2bbb6a25f17a3a426b8

SHA1
7ebea7c9933cbfb62cc48a39f041f53637249074

SHA256
99ac901bfc9323ea98a6bc2b781cd8656a2090a41f19fa83738b6ec5f30b39bc

SHA512
86476dcbb09ea5d2893c7b00ff81f68a1c445b8df9f880fcf0daeca46fd1b4ea004202089f3b56242d66e68e43c3ef75042227d16740b2af10bc8c6a364c5940

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
2267dc2f515e79c46ca1560b4e87d2e0

SHA1
0c4476db019250d0970e08e6d4d0c3af05658ead

SHA256
6b087b3028628b610f4ba82843bfe58d90b01b8114b7bd8c8b3b4321a02a07a1

SHA512
745803b42ea3d61b3c79cd4ab52d64f6d20e3b798d0f7e683a119f0fd20f099858b9c1715ec57b9693cac87e37ab9431e2a2b8d3f50a27bbd2b31105425580c2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
4fc385a401bb2cd4e05ab285e2ece085

SHA1
de2e2f48054049f171491ba61d0a30c569440853

SHA256
8ee5b56238c61e933b0d675d0f1f031cf30d806b36a35d6ce2c7d69e70289422

SHA512
289f533618e9edfdeedfb779b9a481574668548850a375072f30d957cf77b5bb339f72a4fb7967bb3a09bc0643a0613fcb4a136ba4339c0f0b2ba868ceab299d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
46b14fc10b55e2099af4b9cfc67083eb

SHA1
2d77a6b52c888f3c9633b532cf50c0bc4bdcd789

SHA256
ee4c7d96eeba36065210e793305ff9916645ee09a52a94f35908ddfd110b1a48

SHA512
1d9fdbb093ce179bb8ede740f3e3a7fcaf4463853c5e67114773f5a095a418e78878e27e75b7453f6c53abdfc4d32c42de553003eae44a4729ffb5ffb1a478de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
2cbae58a0420534bac5041dd5f0dbae5

SHA1
e7c8b63e57a540f1889e87dbab5ff1f29cb65601

SHA256
ee1cda3a2005cdb158210bb3f21235357328c82bb17b54cb8b98e8de1cc4e041

SHA512
84c694034e9e2c08b35aa492075786023914ae2890a9513aea09ad8ba376a98a9503ff0331c098c5c36102f316cf258b0296af49ec24ba88008123a67275e782

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
4053c187ac8d8c4ac856719b3564ddbf

SHA1
fece6d05faa60d9e6ef367c783b23fd8a1c4038b

SHA256
e37528d2d512a528e9a3582b58a35c8b8b8d4164e40b28133aa1965b6a5b548c

SHA512
27740325f6cee56ab3972702eff3577998c694a47fd17683baf2f4f9c5941543f44a18029cda78f69af13d5cad97fbfefa115f18f570b37d96131f8ac4d1a20f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
957197cc977fb7c7e6667a0dd409f542

SHA1
565145803eeff04fc992c83b6c899a870fc5e254

SHA256
232ec780245c4e1fff9fc45bd14a6d6c3e079840727a9dfb59bfe12980577804

SHA512
8087be3fd11baf2587fcf9aedee2bab7ee15b31459f13435ff9e1d20e0b19318c37781c87f89897a300eaa15df21b3f89c01840658a100fb43a8f114f1fe35e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
38f658df7b310760d889aa1caea2eac6

SHA1
53d6ea4289bf814f675c1dea63efc6ff202db13d

SHA256
02e0812c106bab2e3d892e2729398905f4f5436bc34091c5f524c776aaf7c69d

SHA512
4e368d4905951685291c2743f8720b9ffd9b71f327dbd3874b346dd2217c461000a417208ff67dcf34ff735753fe8412e6d8584d8a87c19ef2a166362e752490

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
e74fdb2ef628c8e2aaf5391506635f9b

SHA1
c8710d6356eb3ef58ae9181c30180aaac324dda8

SHA256
ce8f7c10c7e4c4812028306c8324a259fd00ff0ce87ad50fb6c40e0a1b2e48b9

SHA512
0a9579c3ea6f127ce84b8a5473ada8b2fe75e0b6b0753aee6412ed15311187a9c19a292a6fbe6e58fe445040cb4ea17c2dd6d53909a3aab1a6eed88cf1a23dc8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
ccf0a414a04dd0d8edd0aa407a4338ed

SHA1
920faf4e8ffa4c17dc24677313bd815c96cef6c4

SHA256
a006817b2c01c3328d530791f0313187f5b59c1743463f7a7d5b0af59bed1196

SHA512
0f9c4800a31b157c01e7b5151f95adc73d8536ac441e56e568d1c6e6a6309173d72b4af64744b42df5ed3a5d98a527ee3bd6b22d9a5682feaf284f636859099a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
971235e36e5aa21d8b0322d5dcfcdfc5

SHA1
f02a7aec3e5d691ce4870c687b3cd3d96315eca7

SHA256
4a1d110b16648b2f5abaa4ec97c468aa7b28f4d514c6777a4909cd942ed3ebcc

SHA512
8365a106f85fa56e191358dc723ec6389d600da9f3d721a777b8d2bfd71c23da71219d9876e14b2e6b7694c6095d0b142d9664bb837e90c5f7565b58418bf72d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
feb913e5a17f133872546a0988d4b7e8

SHA1
0d514903348f9587fadea827eb9fe5753cd59028

SHA256
f94fcbf0c7c247d95978979dab0dbfb71e8f00521f83f1f85f446855ac7f538a

SHA512
b221f5ade2e7e1d5c42298ac4511122b69f694af2deaaddfdb283d1b18fe0bce6ed555fe813974f9bcea357516a92408c2f4dcc7d4f865d194eefd391cbf7c4b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
43fd62b6fbed3d09450f974134149e99

SHA1
b8ddb28c3f4af38ae4a4ba5f8fe26219441678aa

SHA256
7f52fab2de6b463417b874b3aa61faa89015e696ba49220c5c4b0ffc82850962

SHA512
e4187f9a9ae38c3c94e75a4b5501a778908adf7a69b2adf6ba97783932b01de1bdd830034e3c8370fca9ed7771b868e2046ace6055c00c7ae94c66cc510916e4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
8020d5006afc84749dd1674c25bd60c0

SHA1
c6c53b7e028bfa5ad5daf3e231d1ca202fd273e7

SHA256
76b2ef21f122c4782a7b8d11cc9c40d2a0e1a2a604061893da06440eb1261b7c

SHA512
7f1c400800c5fab5194ade6427c38ce861fe21288835137d30b20b16565a95d4f15a3be228ff445e1ab21c0a32626b2240b619b6fb61fa77ccc45ac1d0b837f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
7d58a044502b653531be8a28af8279a2

SHA1
3daf930b7f5188d3320e035ae275d30ea8c8d26a

SHA256
622bd51687fc25a9c3b1130cb1a05c7520ec5daf1d9ad23dfd5a9b9d3af0bec3

SHA512
0681b934c119bf266df1cf19cb0a19dbbc3f3f93104a46edfa5b38dafa83cd97732f026c84d53761a571f06252122c5e9bed97cefff1633f5a590fc3c7f3b70c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
203dc439cee9deb1048f226e4e6b9e78

SHA1
fd032e839099a2cbcb0d09e7d63cd83a8bda5192

SHA256
2257823a53584a6b980e40a46b6fb32a4995d7ec0eef20a6dbe6ba1a5ec82c2f

SHA512
83be22b3e87a5d3b337e6801750c6726efd1aecb7cab3e7bbec7db1a60ce128f2b0eece72d514bc8a6c024cf19f84d3ab23ddbf501de9f926385f2491cc5d0e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d4d07b578f087687b7d57ecbe7be87ea

SHA1
b42b5be8a12a0fdfc8bcd16f3b2c9e69bc0eb449

SHA256
50ee6785fcf7b1592a8fd63090c89f0bf8c960e0705ff49aaf7afab2ccb20d9a

SHA512
b606ce1afec5b278ccd61ceebbd0260a9e8af508d84ca3653ebb7fae8b4d6ce0c426402b75eaaeb04e5caa488bc1c50f5ca8f02de704800eca908ad45408d6f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
42813479328852e582b8e891614cc021

SHA1
ba019f3d482a42fd884b6fdbf46cd3f4221f006c

SHA256
484e54843896703e217f9b260c792b208c31db89f11a49a4432fa17e818f92e9

SHA512
ef34e082a10a12b9046d0f824021c79473f1051c0cab754e11f673223a5b5574332c7b455713186fb67cfbc1c00ba860cca5fe574d1dc8950dfae8afc52aad39

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d52f645ee1c50241e6d8186b84a979f3

SHA1
1b264569af140f8f783c8d25aa78034116a1fed8

SHA256
c77d9dae6a02036c0cd4786d09f58ba12280e555bd5bf9bdf0d324f258640879

SHA512
502821e166f35f329667367141b4c199b492d370022c67fca087f9564b1098a09aba2a2802cd7f4796b0f96b3230592a1dad22a7892a00c07ee909e6934a89d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
d8a3c3feb477062d2402908e60a0f12a

SHA1
4bd3490b2bb5493dc61f921bcf062753e728948a

SHA256
1307960c72caa9a25846c800f6a79445698f764480d05c0f945932554c3325e5

SHA512
b039e6e434ee400a1808fb2adf21226da022952a2e4b0e0156820747e988e9d2b61d05c68421f695dbd1257e25551a88ec60f5eafe1b0f88e331e5b25125fb5a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
b4e22e708c036a1888a3b84109bbf568

SHA1
966f3ead49c2bbb0d413707db77ad251fa255b06

SHA256
3a730f19df1ce9c166485e80c1c0b2511fff638465bf91eb988f5ca4664dfad2

SHA512
556ae66e0817ed53e4df2519452e5da7e5490c1116134050a419d069c12045f4f445852521ec2bf646b5af6d3e7e694a0244aca82331a1936cfe5bf40b4ce9eb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
f06a23dd3207f33eefc0a54e2c3e248f

SHA1
c587580c455476473b3dbe2a7cea09a86fdc78d8

SHA256
19f3fa203566d3fde11bb31a0d6dc272932f423e16e8542088de6bca2ff6731a

SHA512
84b92121b57dfc4ee40d0a7274e8edb3d917c2816c346d7ef407fcb459d3cdb6211d95a79afc1d9c4e9f8fe870d2c20aaeb27815fc9ad0f45848114d80fbe64e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
e27c0bf52b39d1130b4467a6f951125f

SHA1
730d9bf9f8cfae739f6c54df1abb386fa95f5e24

SHA256
fe9cf6994743fed9711313d5b21f7aa3a603e4e2281752f49432682e09c0bc46

SHA512
56cca24cf44cb7d20e7391899bd30069838bb090d5059fad141b53f9c5c640773282ab2d329430d2e709e23ed65dd5121f0b41c9d16e5942519c7a3701523f55

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
c61f2b4693a636ce8f60d35890d8f2c6

SHA1
6127f14f88c39fe9c589e566c217d932f8982370

SHA256
da0096151d5e83a09b18137dbe6120b056a09a3d32636adfdaddb59887e167c2

SHA512
ec4e1ad3aa516dfb749b9d14b78fd315ed90fb6760498f2ab3e5ec4560f856ba88a619bba4a1b46b30150ac53544adbf6b669cadb83eb2b04b0be77c85aefb06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a5e295a23f9301d1c0417c06d5ddbb27

SHA1
cae9116a93de51e4f46ca6cb2f306f2c0025a405

SHA256
cea0e7857c50e29df2f061da6ad4e9ede41b1609a20c1eed6f0086540e622de2

SHA512
c6cfbf2cce870b13f93420a72c803751ad394e5133d7bfdd015e7532b4687ecc06e493ca81acc6e52830b469521b043664fe1f0ab7e5449ff8aa4a3b5336b3c0

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
761KB

MD5
848fd00b27b3ae9c5468ecde8715f2b0

SHA1
2f4f6760392207894670dd0a95c3e0be40380012

SHA256
213f8cb0f668957718d740c67ef977e9c729378afda13242aa21dc977d6bd1fb

SHA512
6554f94d88c3047d74a46b89174310969dd51fb242f35c9ce4228d7d48a9aed1dcf133f1960a687262b8c7ccb2e37ebe213bec2b833dffdca4266698dea803c8

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.exe
Filesize
819KB

MD5
47265ccf49362eee0ac3cd72818f13c4

SHA1
4f470c632b5fdce8d514458200d8fc7c2f72eb1f

SHA256
5641f10c21f253ad91c88a8ba1f99ccbccdfabb31f11821a487df774e9bd1575

SHA512
b24f6b171b6e269f346b7da3b703794a886747d019f50e2a74cacd650259fd0fa0d5a9886a3bf6dee1e91d4e9ea7cfe23f080008f9e2869c7347a3a2f3352ed8

Download Submit
F:\AUTORUN.INF
Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe
Filesize
819KB

MD5
6c21a45fe14032a24019a552ee571570

SHA1
0b73192ecf7502061b59d14808750eba47a71d90

SHA256
c25d84c7ff7416d1dc1466ef04bb93079d96521ddca53b5f94f0e89446a1d9cb

SHA512
0afc7f7ae971af6d1d2ac6041f9e218733517c775622cf770eb2ca1d622b5c812ba8db96fbf0fc84ed42fba19395f9d9dd7b8d38cd90afb39063d9340a07107d

Download Submit
memory/1664-59-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-70-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-5-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/1664-99-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-174-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-118-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-49-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-164-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-127-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-89-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-155-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-147-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-137-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-76-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1664-109-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-75-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-146-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-136-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-69-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-0-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/2252-154-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-88-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-60-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/2252-58-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-163-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-126-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-98-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-48-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-173-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-117-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2252-108-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download