ecd58d531ddcad00b7f9074677c149f2413be98b6f4e544cfc350692b20cb3f0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
Size

688KB
MD5

736d9b379dd719e83ab72087e049a926
SHA1

8c1046878e2c9552dfed5e669bd094912441b323
SHA256

ecd58d531ddcad00b7f9074677c149f2413be98b6f4e544cfc350692b20cb3f0
SHA512

f5720a9c7899c4506986041b8ccef9e8036d49fe0729b2a13b3d0163efaac1ce964fe13fdaa1f52a9ba7539ab63f6fbf470e4c59785b376f09aaf22a647b3a65
SSDEEP

12288:ZMMpXKb0hNGh1kG0HWnAlU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlO:ZMMpXS0hN0V0HZSGB2uJ2s4otqFCJrWx

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

736d9b379dd719e83ab72087e049a926_JaffaCakes118.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Windows\SysWOW64\HelpMe.exe	aspack_v212_v242
C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe	aspack_v212_v242
F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe	aspack_v212_v242
F:\AutoRun.exe	aspack_v212_v242

Drops startup file 3 IoCs

Processes:

736d9b379dd719e83ab72087e049a926_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

2792 HelpMe.exe

pid	process
2792	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

736d9b379dd719e83ab72087e049a926_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened (read-only)	\??\H:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\K:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\M:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\Q:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\S:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\Y:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\Z:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\V:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\E:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\G:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\A:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\B:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\I:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\O:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\U:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\J:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\L:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\P:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\R:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\W:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\X:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\N:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\T:	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

736d9b379dd719e83ab72087e049a926_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	F:\AUTORUN.INF	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

Processes:

736d9b379dd719e83ab72087e049a926_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe

description	pid	process	target process
PID 1512 wrote to memory of 2792	1512	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe	HelpMe.exe
PID 1512 wrote to memory of 2792	1512	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe	HelpMe.exe
PID 1512 wrote to memory of 2792	1512	736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\736d9b379dd719e83ab72087e049a926_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1512

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:2792

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe
Filesize
689KB

MD5
b1ed81858943300d7b802b93de2c95f1

SHA1
bfab24e15aae8995d412338e82254cb303e542d9

SHA256
6fb46fdd86876705a8a493f2f05a64dfe6a6515105b44fc01ffcc410c8e22f9f

SHA512
5ff2f29a5a1f0e6584a81b00eca9f2d7cbbb626c0d2760e1e28d1f71688670ea67567344fb0ee9cee7fd5c730db7094dc7f65091dd3a00dcc6ba5ea917f3a631

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
4c1ab9fef93aafc507675f0f8a9be0e7

SHA1
c0930f9686debb1ba02e98852f748ae15473c7e1

SHA256
ccf6f2fae0486d56699133ccc2cd5daf77c5a4d31fae41c20d4511df27f22800

SHA512
790bb00357e25bd69c3c5696d7702f395bc8b8d61d77b66487f5ea775144e1abe86b16e7c823f4b02e52fbd8180dbba8e85fe5f56ef159a907521ef26718dc54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
8508c589abea6a4e82b5d958720f2374

SHA1
e6905d9f673c7a2941404b6233501f756530815a

SHA256
9c38164dc537e7c582d05ad9a2ad05c79aa22aa9076ee9d33059bdfd40e86647

SHA512
d70a6de222612bdd6a1aec1fd47a8fad193e72cadd73b231aab6034e0cd70ffd19fff1c661fbf01df5c7547af1bf728ed5e30e07b2cd6f424248e50bb3574f51

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d83d1e13289485ace66497afb995690f

SHA1
168cc4aaeacfa82aa2c5c3da8e21d12a8beb5b3a

SHA256
2160502655d2412219a475f62f13dece06424b674bd6bc1b8a72f725bed4a6f3

SHA512
afd2d1c81d549bdb484bada29ccfb12755a543866bcc71adc46a063207c74efbe694658c7ea2341295230fc537439ed0bf4698dd356714ff23f78221a879b87f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
23a82b66beb0cd9f21fc82e637a59ec2

SHA1
1f593facc88a6b1f13977444e108d7fcdf7c08e8

SHA256
70eba3dd15d81bab8b8c926f5ef17bc70a17e2dc00c45a690994efa96c6b86c3

SHA512
a60f86725c9898e64a1c6dcc83a88ee6e22981459917d2d2494877ea29aa432e2ed46b0f557ee80aa9c856ed803925ccb67bd76e0da6e3af2264b43fe4aebdee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
4b15b6c0a9da90ea9ce24199ec527b7a

SHA1
6d2c252b3a33b7c43a110b8022e57425bbc19ea9

SHA256
f058f8a3140688497883fffcf18c36695865afb492ad346d2e8d2c7017c86b29

SHA512
1c62cedc2e8273323e0ef2773cd21dba900a311f3866a4711fbccbb6b84659638eb06db6118caa7030d07457d339f15c71d438ccb710d3ac9e2717f23ae58bcb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
d1ba2ee5852b50628bc86dfde9dac0fe

SHA1
cc4deb4bcaff479ac54a0264100d80a01b69b0f2

SHA256
8e1922972cb6ded162f60ccc5a5a9319c2a1384fdd5a601e71ac970ddd954b7c

SHA512
d33e91607e4649969f53fb30cfa05e92fece5c6566fad951573d417e8c6bb4a6a0e18676480d55be75b3d4c64f185e3c77db82cfe3561b3419ac6348f02ee6d6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
09fba809b7ff7447acbf95676389f0eb

SHA1
96037d4a59c4263705ae9005d9cf99399e8a7d50

SHA256
4c94d107ee180c98be41b3352f52f49607fbdaf56212d6ade5ddd7aa4c26809f

SHA512
f06632019a23ec9e506291e8cc23323fe8715a5c15332ef3ac3ab1552321696fc2f25965f8b6c59acd53a4da697451f1a5ae79faa33da5e3a5d63958d0d62f7b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
e4d914b90125596d9ea8cc1b0cedee98

SHA1
001e8406d1d57596b2c86c334f04e7181b3a0c93

SHA256
f91085728db74e7d12ba56107a749c33825f5d62e7023c0560a3e2fefb69b865

SHA512
1387ddb889f871cfa78aaa5472bc38f0733a60dc9195da0a688ac79b2c7407675f5631658d02b6aad427a87234717e04fa4214e90b42797999e22ec87a75396a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
0bad4cf922c0ddb4d766c7bed87048c7

SHA1
01adf062cbf2d5f0c8133b2bdd5a8560f7582155

SHA256
ed06fefcd5a680e5d71da78a7934806822f603dcb589e7557e08f06462b49eb2

SHA512
3af68d57184100496a7d260630d16bf12ae874722b03d2aca414e166df25ddb420dd0dd7fa9825fec954a92c3c41f3e62902dcc7cdc563cf53cfe289e643aab7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e9067c6b694970228dc6ff18201886b2

SHA1
9cd146e54c73e975963c6825fa6e559a02e4f477

SHA256
43f1c38f9b044ebbd7980d5d7677502aade33c9c07e07417598ed4424da2579b

SHA512
62a8b66fa188364b434d675fb6d253e04bf41042a7217da5bbc3b3111ab193cddf9fea57b54d575590cfd470b5a6b16fc4d69d03b87598ee8555e10da6f7f3b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
7e333e6bc4a5452afd096252f6f6c8df

SHA1
76457d050a28cdacd0d8358b1464d1a901b80c7e

SHA256
3eb5c87534c045fc05122e878c6b981482d69ca6a8a70882b3cdc8080c361c58

SHA512
f4b2b5181ace5add9a3a2c601ad3957ef3b4baf2b5f1ca67a821c4615b4a88387e00da8a48a2353943e798662bb1faf9cd97f453ff6e4e547fb9c24f33d62249

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3d15b426194190b468d0d8d448d59f7e

SHA1
57355bb0baa3d2f39baad52d1318609225025144

SHA256
0d00e0c90dc9a82d3608acf5a256b35a1ce2d6a1626459804c5fdf051f9a03ca

SHA512
74d4c528532e1613558f3fc711972f8229ac6d7d12404507e752eee8e2377152d2a8b45b0c58681ac285e976758ba0867d9b9c38b4b733d6d39ae378476ee227

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
491fc4337578b35cf02adfd69663fd7b

SHA1
e7a93fe1cc28e2917e280668ff2fadfb9776e275

SHA256
0405ea68e2abadb2068d40233cc5279c9f3934e63d1bab22df2780ab0d38b7c6

SHA512
c3285d36a97b76b6f7c2a364305be3019474d64ce8f5110231c55898845991a575daceee13122e71bc376ed65d4b31b0340ee4d8a0364aad55b21ac7a56d0cce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d497c723492ee62cf78d40ddee794bcc

SHA1
993041674b3f18f16e83b910a863d04ca535608e

SHA256
d8a0262839b558416cf0ebb79e2df9f7da7d9b24e479312a01f78ce3792a9f8d

SHA512
fafc60b7028606fa77071aa5baa485c7470dfc9e184e09e38b6e323bfd6dbd9a14d50333f3bf92a8f885472336eed9e3154e9b78091997432e23f19ff0a0a81f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
50144b30ca64ed2a465af9921f0e161e

SHA1
aba35a22b1a48eded929a079f550a85d13d560ff

SHA256
28186f3f7d3fbdb69d1cc818accecdd322204b5ea9e13301f92ada5c66edd68a

SHA512
f48a8d49f94e6581773130851a83a0d493c1164c810c2af05dd9b592e783973ebbfa9969d501017a4be3acbfa891a1ec40e2369fa1ac96cd6e15a4587bd98e79

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
affa8a2545b21dd766f1f0d568e690f1

SHA1
dbfc9f0d68269f45dfc4af8b721dcc097574f792

SHA256
429768b78de2d4d7b5745d2ef56bff19e04a944464511a6d8b4211cd49ee826a

SHA512
c105c2c653309411936c4affb64c894dcb584f445acbc6786c65082b5a7d3fa7cd4a3fb74b774327bb3e53b4b6ac5b4874a41a98e11fa0210734d5a747f83d95

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
f80e73ee98fc3d4de12c8d399be01995

SHA1
94b40ca66e5baf526f2984ae178a5a5714cc0dae

SHA256
a0909782d1f770cd42e149858b3c2de3e053debbb160662e2681cc0077931aff

SHA512
66aba85e366f16975abcae02629e8a42c73a3a904a88d0930818aa4f207ea35208d904ced89b0383207a60e6d4aff4f5a4a457b1b34f21ddfdf3ab5aca91c44c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
2d98d63e1c30cb9a19ce9e9d8f2c773f

SHA1
fed5af781ddabb62adfcb091f65db0c0f05ed2f1

SHA256
29b7c42b4dfc9e1bf2d3839669c37cd977e02aa3bf0fcaf215b836ac348932a3

SHA512
918d6e9c75b7cc9f64c5484d833cdc6a534eb14fbb4ee64009648078081dbb3cc1b230421fe6936575c0ea68b22b6994640ab7dc61d7b6cb4f59c5e85e0d2bcd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
0b4abbb52426093e26f3af2af7556d61

SHA1
134566bb335a3c5e4e58a6bb40a7de3526382e91

SHA256
95d37786d050c94839face05bcaee710c4f09bd2d5ffca6229643aec48e0bb5e

SHA512
30ecc2a34acb3fa56030c86c4ef2df95d463fee2a04375858db4f1c1f3be0f91c0159b6aaa28129bc615c2ce21aabc82c11ccdf61d9e8705ea09ccc2cf2c01e8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
de96893627acd52b6c93255b5239fa12

SHA1
6b563f12dc83536bcd56323c19cbfd4565eaa58c

SHA256
160434706bf295675f1213307f78117e1adfa984195d19283be38c3d6da98125

SHA512
202d0d7aaa55481d75aa4cc846e16e24988e65a6be09bd32f1e9928d73d3901a29396f0f2430fed01c03537607a8d8ffd045c498b74c882495ffbec87e2cfe4a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
0347e8fcdf3b65ae8c81e2608348b3b6

SHA1
f1c8fa9284ccccec30842b4255e6721fabb10871

SHA256
272e1a65eec68e56e1bf4e64f2b9c39ed84aa15a5f0b522584a12e2dbd54ec6f

SHA512
5c44e7f435b5773fe20430b2ab688c1927ff57703a79b6e6b2d566e251e3d0a2be32f424793bad64333311546ac7058005fb241206b22ebe0137cc2d46cfd4ff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
80f57d3da851786d4ec1429871bd7ea3

SHA1
3adc1b21c3fae9510b53d4579f3dd876e2fcd158

SHA256
6dc23186eb008278394d3716b1a770ab7e688d5a3f90880f7b7e95f3a91a6ab6

SHA512
9286a02ec8896c58aaa214d1aac85f8ca850fcb2c16ea8b8d386907534e3adfd8ca743d5a7b7bd91374c8c46f85f5c1cd4bdae6beddd9c37cd145e30750d19fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
2ab71f5f4aa5fa8a8b2d0ffe5beeaf2b

SHA1
0b1a1e2e7e16519803f5e2e83732156cec1a303a

SHA256
c698aa39661b7adedcbeffb2d28f865280f3b4e2dc8b092099df5acc936fc37a

SHA512
3335b11f8bbe496b4b6ef403af04fc5228645e014caceea3bafb56a8e62663217504f5683edf449d32f31865bb452c9e72ea605525e6a8c3edbaec2b5fea01bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
7c074664ba9374367b5324d02431365f

SHA1
26d6b45a49844c8d478bbcb524451afe36c28214

SHA256
0bd9e53e80cc509fb03b8c817b5920574db844c3ccb0af740940255eee18ebf4

SHA512
8ab9922b4eeaad71fa07a78c70ed904007a980587ade508bb05cecfff5a610845f517e1e006fecbf4901a3ad96a4f8e71ae1232452e42e5946919118a46b17ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
8bc359507ad7da3beeefecc19d6c53a1

SHA1
3df29265cbf710a3faf7f9e5f367fceff27fa0ff

SHA256
a77c686fda2a236e9bd43bba74b6fb00abf29b8122907ac4a15cb0108ef0e855

SHA512
fc50773ac681bc46df07c2e7b9daeafce9911c46674b05e98547acf44af4e7616cae6f39796da1908b8bc9d98211b29f85c059a4db4f2ba52281b80f48227f3c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
05274903a4d65cfac2097976df3e9f44

SHA1
39036cfbda40460652a3c0ca95f38e5caf09bef8

SHA256
b67dce6c46b8e441ef615ffd0a9d7c97536a63bd4eec170b1b426bbbd7e36db2

SHA512
119a157c889b91b885c65337322eb2073b978adcc5cee152d3e69f9b37d36c33c2ea86d2b07a7f4a4379063e1efdfbb5f74bf7a53576c04406eb06978ec17e48

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
9b3629602c891aec9c1dad6abe79f5c4

SHA1
60761234620080b099b439bf3fdc460a0f532ef8

SHA256
b318839f7b14ca81de3abc26bbcf460cdca8539e5abdb46a7262f345636c139b

SHA512
b38a8f3b6a157385b5d6dc675de1138d4b679a1595a1f607ac1ebbc2ca848c149e2d1a82ba35e8105ed3915c9af05e38767f5e02098b02ff40799f34b9e83f83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
17016b80143db8fccef265b3c0bad519

SHA1
ac59e805dd982e14fcfb6df31ff84694a2db9fc4

SHA256
646362c8f1105a0c32ae3c674474b984ad09e4e2058147ce7e35b0da951c34fa

SHA512
45fdab9bc43334ea71c3a56174a88cc39000d0daf1e12deca961fd885d1675eabaf9c7ea5d1667f4e2b02ac0a10cd82243a0a6a8f59d16a5301a6e60b79027db

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
8b1c048257b2da87db30528002f9888e

SHA1
65030a129afd9b37d803984f00b858de3b96d6db

SHA256
b04b4725689cac8ffc97fe655cb6af6e69eb76ad669d94a55a586d5756d408fb

SHA512
9446a4a1bbb9633ed029cd2dacd6e8d92ed1c51f055122021d1c99228f9bf8c61c5f8aaee008b8fafcaefca14e143a2e20f0e4e4eb79fd2831f6cec89a9ed882

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
58be7487e0c619afbd38ea2e4c30c6be

SHA1
214acd75f351b635811e297ae1caf00c85a17013

SHA256
0c8de97ca0101e8339f0a2abff171cd16b0e96794f53652732bf19e8006b0267

SHA512
5755034984e3bf8ca85a9ab527d1f728e3940ffce4e43c7f15e7510d37fc07ec18201d5b8e857fbc743e5af69a6a58501bc7e44682e7503ee9b8c731ad19a2fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
d6eb8006ba18eb140dff9a5ed043bfcc

SHA1
4fd5f920d9715e3794c4664fbd7ecb7a205d79ae

SHA256
c51ee877095e4a540f10954e2a0e67cb15bbf80bcc1b76b7b983f018d85aafeb

SHA512
4ca5a20a1bf0190e312143ab9aed1303ac32d78d09bd622260610a56c580df080ece6a9870e9661b8896ae4f95e48c9910bd30e4f68d2aa126ca893dc0a1460a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d617439387e3b60bb2a7587e0aa72a1f

SHA1
c07c3bfa96c92808ca1d46773d070c67489fe69c

SHA256
189911e6b4ebe0f847233101c1c994b3a2f46697f3151c21699b38442a9d9bef

SHA512
82aa903fc85c787116062e6856ba5aac32a3f4c90da397251f4421e15f5c92e87938ec83fc5e3fb56551d103e624cc0bf3e16e87215344d358e3d16a10e8de6d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
8a74b607cab0d550568da4e76f342b96

SHA1
e03780a74db4d130ae484f0c8e33bf4308bd3813

SHA256
08e8502f552a963fb3887a053ac337a5390a7988c275d3e3f6ccd196c2ca93e9

SHA512
eefc6384bb31a9753410897cd8fb57c716cbe3ece867ab33c804955ecf2e92e4971b7f8b559e54993ce5d28df3f44c173297bb3f81fac565dbbee73206810d61

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
995fb0be0ef307548faf2dd899162f4d

SHA1
747b9319e44f64a6156a31698cba30b94491cf31

SHA256
b702ed03b0cca779647d51f667ada83e4061c9e833abb54830150473ccf9c428

SHA512
c157fd7e8e9ade9fe5c7c0bcdb088a13a5cd6b13603d45f085fb8af66b5e7948b74ecedb904b6261cc77fa8180ffa4250b3b41dea6cb0c713a20d6bed339e9a6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
143453bdc7cf3c6035b0efaf0f06b11b

SHA1
bf1cafc76ef1824260e3583c5c6217db748bfae5

SHA256
a72ad23da0189e689fff7fae0edd97a4f9c86c47746eaa05c86f5311339e49d3

SHA512
9f1c6256a374acb407db26a764123ceec24a9fc529c4bc37d59e8ed207460bba2ef4dd64d24bc50e0bc081835c518ffbe6cb9c05bbd9cee20a4de3fcff84ae69

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
2d61e27e9e312c1b008fc76117b3aec8

SHA1
6f5cd1a0226d7c4cf47a6ca260df53a0ec68c498

SHA256
6bf6ac4674294b5b3e14149f4012cb62583c0b9e0d75fca62e73980b7795bb2d

SHA512
7ba54b15227d9a8a6a7bfcfe86f7caa022276a6ad4e71606f75f12a79ee440f77a70cbfaa973f40a565e8664e1042d0a4bb3447c64169d5f43743a7cd40f294c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
597806f2f9203f159b9490526f5b1881

SHA1
f9230ed1179636a98620aff3d5ead08baeda0571

SHA256
58bbcb516cdbc2958f6636491b10183bd8cb4c6a52bff01d4d46e660213afd95

SHA512
91c61536eac2b6986817849ec3bb59cf194132aeea7f25a11e0857a554a74bc87680ca7328c50f088e10f8fc923d3c8b808d047926ff04410e2661be80d4e1f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
88132292812cc33c07410462152ea32a

SHA1
a10d29c2dea65e5e8bdaaf6e2ff061d0b200d781

SHA256
b9fb8f36f319b6ca964e4bb25f082c6c543d6bcd922249598b2617747e062ea8

SHA512
12d5e4e79c5a18f5f544e3468a4b6665dda3c5226840ad912e1b6564ef771d80fcb9012a7c46b054af8df26d193d4d4864c91773803caa14e1716fe305e09ee2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
31050f9ca7d71575c9df93320a3864a3

SHA1
c6a3ae4db81fd90d210840fe08b4f3e20eeb2137

SHA256
752c253c9f34b1f9c17734d0eae0d30cbc60432bf71b7601b5d48d19852c9579

SHA512
1ea121d4b00318ea039a05776373b8a3e7d68ddcc86232eae886fbc1d796b7e9b2ccae73ada767d3847679a859bc7c3646d2c129f238d9aaf275a2d431e97426

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
8cf16cccfd6fc62c81767f1ff4298e2b

SHA1
4815e7b938fc18594e018755d726c5e1de3cef39

SHA256
f0127969b5a4ee49cb5d672221c51facd01cb5975665b8c9470d465365b5bfb5

SHA512
aed5fb1dd7f75d5bf10e697fc1f0fd9811afd0a77f82af7da52853d81be014c0b0f613a0944c1e8a602d74e6af30d294986b5e7223d5c0052052c17a8f9c3032

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
5f935cdbd0781279fc73cb938138f387

SHA1
52f4a6477fbef05ad217f8da2dae3d280feea52e

SHA256
134a0c640ef520dfe185967c6a5c058cb7e4b3545fe16c5028caf51f17e534a8

SHA512
fe014d92e25f9740ab77e0ef98bfb34e1c32b43685ac3a779e2a709da7e3946ccde9d191c6d6b33168e9558b5e9233fefad718bd785f867836ee9e7f5936c878

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3a3d85d38b90a8c8935cf69750e0be82

SHA1
a22c675afd50fd0c01c5fd0b519341ea4aa5e4b5

SHA256
009778e0360c2c5e3e07f7bf9ebb6de82490921cd3f5a93ff19456cb04e93f9b

SHA512
91546332736c989c9fcb70cb8058446a603c521b0d747ae3fb62e48d29d9c51b49275c7b202ed8e4dbd4876d0037653c0974e162425fbd7a3bcbc5ad94598364

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
4b284fda14022ebf2c1f747907d5fe1c

SHA1
239d028d05f8d7d4212dae525c64fde59ff2dea9

SHA256
a4875a2a70998a34752cc18ce98be25d8f153705436fdff4f2f05068ad75df78

SHA512
f8bafa11b3a0074b88ccc39e73473eb2cf88655b58312a283bf957ad7f606c2c0a99914a8fd2062a5af69f9a9027529f57f50ef87860e40c5d3038907b37f3e9

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
688KB

MD5
64a8098b4243ef9bbe8f89d37ee100b1

SHA1
9b03863ce1fcbe8ea2c41769f2bb78bb416bef39

SHA256
ab294b842c138b608a02c6e5e014a4bcca89922d4c92e177adbe4d4c4205ea54

SHA512
685355f5eb2587e3a520a9280b535c77fc2a617fe11ee6a410392cf61d0edcc9a7e824a2277f6b6aa9e35131dfedb4346da58e4ec028e6dcacf38f778090a794

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe
Filesize
689KB

MD5
571a96348108d45f8b803a0980433275

SHA1
bd309c17e9097ae15ad2b98f27ad1f6de487782a

SHA256
7a0717080a044784adfaf2cc2c8e2165df50369f9d9bc14aa62e537f7f8ed46b

SHA512
ced594b71a998b0a500f6bae0d24586882707fc505413945864e734e1db26557e9520c7b2a6873e55a3ec348f0a3c30ac3c3f8c914f2bbbafec74b4f19c9c6fb

Download Submit
F:\AUTORUN.INF
Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe
Filesize
688KB

MD5
736d9b379dd719e83ab72087e049a926

SHA1
8c1046878e2c9552dfed5e669bd094912441b323

SHA256
ecd58d531ddcad00b7f9074677c149f2413be98b6f4e544cfc350692b20cb3f0

SHA512
f5720a9c7899c4506986041b8ccef9e8036d49fe0729b2a13b3d0163efaac1ce964fe13fdaa1f52a9ba7539ab63f6fbf470e4c59785b376f09aaf22a647b3a65

Download Submit
memory/1512-130-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-149-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-100-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-74-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-116-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-177-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-169-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-88-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-68-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-110-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-0-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/1512-159-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-140-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-48-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1512-58-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-69-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-89-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-49-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-141-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-59-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-160-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-150-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-131-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-75-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-170-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-101-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-5-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2792-111-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-178-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2792-121-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download