793c32d6660a388f837206d748cd633275ea1bf9ca2d9919f7994bdcef578cbb

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
Size

1.1MB
MD5

72f15dce2fb58c6bb1a9abb63a38e456
SHA1

e1ae8b2bc824aee591cd16a10d1506651b9d2144
SHA256

793c32d6660a388f837206d748cd633275ea1bf9ca2d9919f7994bdcef578cbb
SHA512

f841b6b0327eaa513abcc3a715a3111566fa0c4c04e72f1213f443f1f75439858a64ae86c1bf5cd0e3ec8c58bcf845071d1c7561f85ce5e1cb02502597c43c5c
SSDEEP

24576:KEtl9mRda1ISGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvQ:BEs1ly

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exeHelpMe.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

Drops startup file 3 IoCs

Processes:

72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

1560 HelpMe.exe

pid	process
1560	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

HelpMe.exe72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe

description	ioc	process
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\I:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\N:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\Y:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\H:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\M:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\Z:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\W:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\X:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\U:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\L:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\V:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\G:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\J:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\Q:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\S:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\R:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\E:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\K:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\O:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\P:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\T:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\A:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\B:	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened (read-only)	\??\Q:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File opened for modification	C:\AUTORUN.INF	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

Processes:

72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe

description	pid	process	target process
PID 1620 wrote to memory of 1560	1620	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe	HelpMe.exe
PID 1620 wrote to memory of 1560	1620	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe	HelpMe.exe
PID 1620 wrote to memory of 1560	1620	72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\72f15dce2fb58c6bb1a9abb63a38e456_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1620

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:1560

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe
Filesize
1.1MB

MD5
9ec307635650335236b47e78eada2400

SHA1
3a99d6e890996be7c631fa5954ed5c7e2c539646

SHA256
10928e5f04fe87d06bed97984e17f67deedacf3c47739514028dc7a689309330

SHA512
9ba55429f1ef95b3a1b7beaafd8857fb91c6e966c2129c5c91687f049d2ef06720badabc32f9c85f6e31d5b95bf6c2dcd9cef1c44d0035d3089e49971c0ba485

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
acc20833e734c8560048c9fb0d830988

SHA1
c34d0be3a02cf824a3550c4975a0d2163b155b80

SHA256
8eacaf8991503403da8df0d1c657127937608a5e623c5da9271d39a05b7e235b

SHA512
5e7d2ba0fd021a17b0f0cdfda7934dc913476d42ba4115d12f3cfecae7fc788565e1e68f3f42e53ed87cdd5aca38b8f4b5afd97b5a03b2b3844ebae9b3560543

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a738c8c7363d3bb8db41ac4243c9dca9

SHA1
4d9ec2a5b073abf234e9613f557dfb1cbdad368f

SHA256
02ac6e93886978195e6acd5aadc7f96f5042dc50329297ef321039d26304bf19

SHA512
973aebcb6c52dc287b14b3138efd94adc15baf252b9c0b527119c2ccc248f159908f538641b2c1fc196dd7a505c55f28c4d618aaa7da0667d0ef90a3b29fd5f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
dca156d46fd95912b0547455db1fc4da

SHA1
3f89660309ed6c59fdba0fab9eec5d21c35abe66

SHA256
9c5581392851ef62a18a5ca0a033f58bee98d98c1467f6f0913f7a0aaf8400e6

SHA512
97147b91e81fb483f819f3a1da2a1d65c72e03cc3018e914af7f27296b2495586e60cf18c99b3e66413ea9fc4ef7d2ddeb16c64158bdfe675f0acdefd3a2453e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
c870de281f02257a9126252a431e406e

SHA1
d35901794630c7e3e5031c655130e21cf6971661

SHA256
9598f0deaa70693b13f840df080f251ce704d01143f8bd46fbb407e9d2f916a6

SHA512
ac0b3c61afcf6e7d9568f65751f3c6f3a526af01b63c8fc4a418a07ce6ef5c9eacdf4553e50bc293a2e5b207edcec3adcc4e092dcb7b05ddaeb65fb49590fab7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
305535139b6936bf8c4a93f895042404

SHA1
e08cd3fc0f95351e60758794c3f3938951fa956d

SHA256
1f79c0e670d1b58ca7a812ef1990ed9d485c012b565a86585f80f56cc8882cfc

SHA512
f3b56995fc4ee61d90ef7206a8e39a90bfc3827172ccbda0d31c979e1103fae7d820de4c89ea3e3aa291f6d167e40515db15831fe69e50f89f2282d7f322b52a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
631955678c813634aaadf7e72682172b

SHA1
f49650200dd0b2f87569a3f50cb7e6bfef26f845

SHA256
2c83cd67ad62cf5ef33e329f9cb08e4570e122049e8f3c5076c9d01c52079a93

SHA512
801b5feafd073ce48c707c0309a65adcf13d5d107aa43e31f9787ec900db4505ec4133f25fb492dced8e246fca78755740d47fd044fa8cfacd1c2af1aa145036

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
04eb4c201770e4d0b493132cde876010

SHA1
623c083cf818c5571bba5d470ff4db6227df971a

SHA256
54dc579dfa39187d8fc5678de2b721f41dda4ecac49d0cf67aa81fdec9230f95

SHA512
1912015346e41a756ce7c0c89139b8fb60cda0da8bcda0909fded7a08248a4b5d6aedf72566e11a0d5dd6ea561a82abf29391c4a961db9b85df368f676589efd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
5f7532f97965042a66e0b31e7439647d

SHA1
30bb0d2a6c4f493e8ccd3ce1a8048724a9f6a0c8

SHA256
dfa87050512844e7e7a379ad51aa3b60c4f1cca025521c887e7bfdce8e1fc2d2

SHA512
06a246089cee0ff7f59421104adf0dc9a6c4356ba9b5876b2089f06c286957e82fce1ec235d43d759be9ea0d234643407dea750a7172b1c9329096b00c40a481

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
0bb1aa1412b9223fd1fd91b3fbc60a88

SHA1
ed6e9420133a1036bd53f8a113b7dadfd05b573d

SHA256
8c6cdf7b5b27ef4843bffd945f5b3e63b54b699be8466bf51fc8d945471b7235

SHA512
1e3a9eef866ddeb0162cfc69c8e51896a2c3ca55c3129e3a86f5470d6da6dcd0e49f6a0a9c95bb258fd10e0d7148eddaa0fd4dd590f05774f5d8d707b4cecfac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
e247c70f6368f752b36520434f5d93c5

SHA1
90bdccaaf26a1b45669de80068a71e5df6fc43c8

SHA256
41442280984e14696f9d159c69c777e66815f8a3fbbcd2d3486b4792b0423153

SHA512
2a80c86ed30b1e8d8c4896a58758ad1dd57cc61caaf6a884d883a54dfe9a4bf46cdb727ecb53f9c73f4b8a04645dc588c3a2840381e8af61b10a2d927cd0869a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
2e5764074e5026939dc1c79745fcb128

SHA1
163e6a604eb3504e2df1c57c0362e53c608dec1a

SHA256
cd770e4e0c367357c2800847861cf909bd10f0615595d96b3fc7d31f47f5fa19

SHA512
fce67910df7bdd5e0202b5fd241d8a5af3585b7ea4c20f7ad44ccec273e594b9968798e2137f8ce5c4747147311ce743472012954bca262a9664ca35dd0da4fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
109f98f0746180a5aae8805e73273570

SHA1
98546839b7766360b63306ebbd2a339a221a9e9c

SHA256
697750ca522b10378288f8247f21f54c47efa38d22d643b21b2386aa2c325d1a

SHA512
64926c247c561b8ff06d0bd43aa9e6a7a678c8d5217a9d0ddc2a9e5d856b00d61c542eceb8f2bec3ee5542d166c2ee51b7f9c73c52615302d0a93da0b2aa8cad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
7276bf8b1a4216909a77baa9b223828e

SHA1
c3629a9158a16124fb78028e44f25fab9f321fa9

SHA256
6b20eccc103a8c31a3c1d81ab601fc2b9ed37a8bac55357bfcc35e7b9137dfc4

SHA512
879d2134edef0ede52dd32e3afcfa8a53bcfb2233bfc5f775dc84f501f8a0505bd9a7a1b5c07b6b9e6587e861fc8863d016e0342948710f1ff08aec88d4e8fd6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d0ce752dcba72ef58edd216a192a0659

SHA1
5dc982407742089a11bb12db4b967658edf2299a

SHA256
029e5987434963f5724799e552fc89467cba5b3d57ae5cd827ba8f8a1a9d7821

SHA512
646a029c0a312a5ba003cc5800940cf77e38839ef2360c953ed1fd28dc8a78e8e350c55839a7425b41297c0c85bec0853ca6e0a5585286a70b3f14ab0ea2e6c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
d20c32ff587ac43dace33a9a813e14cd

SHA1
6268ed42537a6460d62c2a81fe0b237941343d02

SHA256
eb99509571d07c463ca17cd365c2615b249625821369b26c247a32cfe5ce1613

SHA512
0958615512aba479ec79a7b8eca83911102692cbf6123dcd5602660a4771c17bde5a82c7b01068b96eb3d3993d9b3cdfa2e33578a5255711c3b43aad8b81b19e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
fbec25ed19b258a6e7a0a2d52bd3f514

SHA1
013e7ab8ca596d38802363a8c06af13defe0b28c

SHA256
abe3cc8c154629f0371024ee313d892f49cd63c0164912dcee878b0d5fef419f

SHA512
ac44f96adb14ff516b7ed7e59cec7467de1c5ec09af86d3bec91c1ec9a111141182f3e3f69e05026afc6a4801dc675f4d253e10248dfb44aefbd2d848274c92a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
b98b89bffe2231ad8fd14bc57bdaea9a

SHA1
48621d428509e50696ebd6eade0bf909d54cdce9

SHA256
a718ff225f965810270ef3fcd5e932f6a8cfc47dbc710263456754f3733ef6bf

SHA512
e3a1618287c6f041b35c0f3fd5d5880f2909c67bce07046d2dc608c2ae389d2b3a08f908994113c083964bc415b934be1bef152d120d502aa82d805a0019b67f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
127315cf445036e8e0de00e7cc304bba

SHA1
9bc69c0e7970d1a294d11bb6533783462a9468d4

SHA256
0e7c49ce86634b5562a243b8e2b7612a7ede86c21b0f5581db3cdba2c47e53f8

SHA512
c653297ddb2b8871496e2fcf4a6a0fb9303ebdaec2a6092eaa8139cce4081f63b23e4e3dbf35f5a50258de8fe7aa9b98db377dd0975a4d55660031347250b99f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
82002c1f1d06622732c79f732f89a145

SHA1
4ed33f552a151657204f6f32c9f388dd21d90874

SHA256
d1a217d83c9788dfcac1a41bad6ab0cf16297e5cbc148b9783fcc9ccdd47c1b1

SHA512
dd768ea8bb547e78baecfb72a317730dd8198e7b7e398a36312e2ded9edd7cb412df557aa25aa97adbfd8e0eeab3d96bba86e2cb431479def8220edde6b59c33

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
090ba3acd219cea780c9c95a7320ce3c

SHA1
f57029fa37ed9c1b1e52a5d6c6c4cd0ab9e08cfc

SHA256
1f15ab0793c1e7b0235eeea4d11f42de98dae69cc747221836dca92a3e7b0a6a

SHA512
de387848d10ce05c2358bf39316016cdf3bd85546041f617ad5d76897f87d44a6b41b86d11e84901291ebc749287fea0f9478289229c9c8798b860aaf4bd4709

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
13f6d1ceeb057c7e9e59d7c3c914c151

SHA1
a6696e917e2c86ac01631583291901abd92d4f13

SHA256
b383f5a135001f2f497f4a9f1fb1fbcb5625407c9bbd631bf75e98a1e3975087

SHA512
3ddd5a5a8f378002fdf4a758f45070b562f055a2c83c19741c7e07cbd264efbba7591b8177f43342dc441ec1d9f62a4ad15a054aed6fc4e9dc7303c178bfa9e1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
49ef4996f1b48de957dcf21a43f0872f

SHA1
bff665152f9cbfe87ef8867dd31c3c9fbd28c8a6

SHA256
0640c0a120e129fed39ce2822aa39ac826ca0cd878e5cbac221202feffaa1764

SHA512
ddd8d1e409c6264689501fb2a882dfa31d610b8457f898e4f5401034f0ad9a7ab5253f9018413e62c60526b3883596bbc56299520e21284ceb01486da89cfe24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
5baeb4351ca6ef1ac6e50185dfdd3455

SHA1
dce202fb20d58be86991c9a09b693fa3f9ef4cb6

SHA256
3e1ab55cc318d1755345a1b3a329a9f166cda7d8da6a1a8495ecc81c7c3c714d

SHA512
2f9945f30ef714561bc01a772db219ff2cc6d3bc5993721bc1d4acbe9af6c5ba9994eb5c4853e57b9c05152587721f53620a149fa1247529d35dbc39f6487763

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3a811032588780b9e8180f41ad7f5602

SHA1
19619f3d164dadbea72bd188735a6d9a1f21e2ae

SHA256
c26382de6876318f6d0105e2a5fd69bbf45eca1273fa6f47bbd311829b58ff82

SHA512
0897a9182c75b02f6e596e3805bd362ce063191f5f158d08c1888c8c941c907069ea083f8af7b0cd463b7b0d8fe33db72e8ab3bb34d714c3995bf841714f59c2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
7ddaef01894d88cc73e7504d08d67af7

SHA1
0075eb3ee3f20dd3e7c7f95726e13c3ad955249e

SHA256
41ec881ab7d908d9212edbc50790d458ffe2c1fdf501c24baccc23cbe24bf025

SHA512
6bbe4d7cca13ef41edc9504c43f7fc1902895037ff336eb251aaccc259f46e7b0c09cfb0cde1973b6214cdd743c0f78aeadff06b845bb736142920afd16256b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
49606f16618ad9d097560b8d7804984d

SHA1
99c0f52fe2ff8a52d1bb4ad8e48aceec24e9dc8b

SHA256
e9f1b1b0e72bdf1b275d35e3b25d5e22f011994348e35485292fcea0954f37a5

SHA512
f60197d92da90d7db05a02380e5d4e3b5ba9d107039c512b489b94c263066833c9e00591265e52c8017ad0a9489d3cf2136a66b4c901df883c7ba916fb94a479

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
52010c6d7b36753f734414d4429ecf65

SHA1
461b73fddc3961b764db74671e6a1580460a5155

SHA256
fd13862bc4ae928aea489b1e08dcda521f32edabecd1366934dbb98f179eda77

SHA512
61b17cf68ca85709214b9629995502dcbcbdc056fa7533d30a2378e9032b04910d21393c58f2d5711028ecf971e3068e99c969ca2d251feba550d84473900275

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
34fcd9f6311d449a73ca0f38800d4bdb

SHA1
cb8fed77d1037ac81ee2ca28adf2fdc5ef08577c

SHA256
d256e42f96f9b7fb3b04edb38581d7fc3f6d517f199fd89bc6868ec43bc2c854

SHA512
14b0da7ac981a8f2477546b16c70f8d8959b3e1ed633a44087c29f9044fc41ca27f0b94eb5e932c792b33777b8007f33efae124b8e4094110eba69677905ce06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
1b4a6332df649cf1dab303b4e62a3faa

SHA1
1d7750e3b4b9ef2ff49e0678caa6f4360feacee0

SHA256
d45069c33074bb7fb7b2de957220008dcaf989772a1f280abc7a4fcaf3c9293a

SHA512
c10ffe15d69b5c09b5ae5c2a58988b3615851ab222189c1d3d13050b71f509ef40d4785c9642dfe3b601ade5bbeaa71d24b1f200f4e1379761319572a9423a34

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
d03a03e15ad885a8dcf972f40eeee805

SHA1
13c6c6f4f8dc9f846ece35ca97d996331758c636

SHA256
14f1b87fefc934c4aba6b763d951d47b065c8163c1be8a8b24739fd507230a7e

SHA512
4f39994f3dfd99344e9ffaf0c780313d64d5c55917ce3ceb0419256e024be90d722905f94edd7326f0d31fcaa300cf4b8c6b17b4ae7a630471499ca92d6e13b3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
29a700f754a1c53975165ac4b12e23e1

SHA1
ea2d3a25bd15adc525fb6a53b5a01a05e78503b1

SHA256
e16e1ff80f7d76205e63fe16b4ce0faf721b23d96f4824d94c5669407bedeff8

SHA512
8f934e6532011bd85267fecfabf528191143b85bbd3dc02aa0465f16fef2168b413d86fd8536abc2ce05f38706d05e2dbb5524390d0f2711ed9e682bc6d6caeb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
22f2b2b5bce76ada3390fde6279dd620

SHA1
75330e773c22ef9fae7f9eeb136b7898d9b1790f

SHA256
705fa4279a0ce7b4bc5e3a47f91805bea0ba8f80c06d222ecda04305f4e59d06

SHA512
8671f8c93b153738cdae758a85d2714a6aff610d8ba1d0e61717ec1362ac8c0dd63135cb77aa4f3372513909c8867166ac8fcf81f524c1949f70d5de9783bb6a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
6af4614b06ba17c499c6b916d6ad2f3b

SHA1
e5bfb3752cebdfcbe545db80e435d7b5a199ac88

SHA256
d177effa25fdc74d08edb48fa0b782f0384706cc9c449d669946c4ac2ce39366

SHA512
616b0a6526d6bc05aefa675755f842d7d8fb8624d017301a52c6c8d1b4ad2ab2b586698e6621869f9bd05494723d6dcede78c390bf92f65e77780f229dc16fb6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
bdce7834d83d40080931fc0ca80a5ba3

SHA1
34291be500bab6b019a8c166c2c1fa9acd70af2c

SHA256
4fcbed69c2b5a54f0184b74d6cbf6249da0ed80d0a97fceb5323fb480ee48181

SHA512
2846d105ddc0a0f1a44a304d8a576f27423a871477ebee73e082d1525e9a4d0bf047dcfd79ea2b16606fdd0ea52c180b19793bab93cea5947852cf57e1884d9f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
6c0591e1adbb4dcd65e968e1675cae9a

SHA1
409b7b533a6b753730773ac3d830c4edb616fae5

SHA256
464844938e559280ec76f341a27192a2c68be5a76b89560d3c921f085c679dfe

SHA512
81161e9518d7499078de1d83f9de494c5ba2a052f7616ca9a9573aeb87f25f4a7ffa9506be11d183043d281c174aff2e342cd23328653f88a4b4c45800993361

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
514c07f89dd114701cb7bc6a8efaa468

SHA1
7437a9fd1c0e8fe9b66b9331201e369090949570

SHA256
8798d71adfe2d85b61edfe146d331187edb84aa1a231e1a532700ca6380b9831

SHA512
0a8af5b5e062231fc92aedf2d61e85ffd4828461c0be8b42697082fbb65cb63a6bd4fb3a1627673fadbc84caf6699c8fff1239733c04e146b98fa463430290a8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
82a2408929010a3a03a62da0b8b013de

SHA1
b0facefa332f8a984f59d9f61b548f7d08dae721

SHA256
14346ec2a187f6452e6d0f71393d26180791a4d94adc2a2aacac9d53066f9b2c

SHA512
cd955e5ea90f93b109ded925ab064edf96f812ef8928474f717ac050826db66371e1f16dc63e7e2edc1c8ba26471e20714429e6fa28595632d9d450c9ac74f07

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
03d0b2bec3bc6ff1b4a661d1ec4e9ddf

SHA1
72ea9a94135df1d49b32391e139cb21a1ce1a797

SHA256
c92fab83dceff473f3878b0b7e76377813942ddc0912c47e11476d799295ab0f

SHA512
a8f365064984e3c619e7a54d412756dcd0d34812e7c7ae0b434e0a63e3d87eefd541f7cffd9bb46417cb095c7413ceaee15cd217a18b4596a4b0ff9144892c80

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
8b5c986e5eff4a404a9042624191238f

SHA1
d73c0e09ad24c180a3f241966053f5bf6528a821

SHA256
e7308bc4946a1196bf5d3ca204001db133608755cf7740e91d4fa8ae6965450d

SHA512
f8b3cc29c9fdec9c00d82a3db219996044450921a1e56db8addaa16b8296973860ee8cc929f15565a8c77b1e312ae324c0e0f5a6b758189aa3f60e9f5b9f6d1f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
b7562b20fd4ea38dc74f49246a587fde

SHA1
32baf77118240df559d036d1626c25c0d95f8c8d

SHA256
baca5f0b158acbdfebff7ade8618af11a1d9350866e992e6c0ff9e5351f3d19d

SHA512
118587ddd6e1070873f498adcd3a6ec7ca11823a79be8d9f5e842609e27cb9021e7375921487ee24fb31f91c614cecdfba2cb8c599a07190b238365efd227ad7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
1a4d71ac28c6c7ad100ebb42cd8cf150

SHA1
2361fffe4b90d28567ad4983ad618f3e9ebf04be

SHA256
d5055c534f44c480c50cacc3eac5d41b4ebfef0d6ef8099ba25fb94510900344

SHA512
47c2c847d4e68be3b428bdc1050f19de058e4079563c82787912620cc5028cd4583e68e6e07ce773cbfe11435d6cded8052a766265a587326de2fbbc786ef98c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
4e691655058a1131d892caaa20cf58f9

SHA1
e54ddd8f841ae3cd23e5784550549e20a3886b6b

SHA256
1ae25a977e464309502fbfa016de68c9293096a2aa0d44a9101a44d80bec3258

SHA512
8017878c4a3f5c1bb90c74c04423fe0faed2bfdd831936ac7398df35267f0aeed8bfad0ecb4957d788634a980fd58f2a8d4b2f71a3fc350d54b579691c5ec0ff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
e090b414fee741420a40f09e5c045dec

SHA1
99c59f995a762bbf9b78a5f8637e0bd2718de93a

SHA256
9c1dd3c6a1ea939e450dc2c9d0b4015d30e4973cb1570731b3aa87e80dcf2fe4

SHA512
2226ae811ba9d4f79203e8036944de5ebd377ebdd9c8425fe44f59dfa06fd1e505f9ee30a653c2a50843e09664122df36493aef626cafcab0638d7ee7a79dd5b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
175aa2cf01393c3703a68081e7b8223c

SHA1
11243cd0187c36b4f23dea822cead95d17edfe6a

SHA256
2c68d215045ea83dca98c1574b7c872df622215a935433d57e2747e44dd6bbed

SHA512
152be04cea6037fddbb1ca7ba44c8999b6d9c05b88e3f55f7341198dfa62aa00aa2fd73bd8eb90a59eb7f5d3a20d125e2209d393f670ffdd6f0921398d40b23d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
661b80d7f176560fb03ba9c62b828239

SHA1
96d9ad90e7333360dc6a30a2bf5231c8ca5838f5

SHA256
e00b4de935c12139147d314820b14343ea77ef19ee69b427b22aa6b628ad2309

SHA512
a15078e3ebd9b11ebaec839a04e76a66229c1db4a78bc9893b0728d1f3b8f3782c28bb8f783c1af2a8463f5306c492d93db70e3adaa6e2e7cf0d37ab540e0bd9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f0b09e8be7d6dc44ee6fbc8aa00bdb12

SHA1
6399a37c9f4a7d91a8d025f0312f058ac99ab1f0

SHA256
cc2082367202f7cda363a89b17b70cb5d78d2c50a355bf5b17b3d884b60b3d1f

SHA512
75bd8c379c7725a4455bdfd3892dcb9ee199a5c079295d5e5d2052b46317d0babec4075c1f4fe70617f62c05b8781072c6a29e1e2e2726b4215cb4f2cde77530

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
bb1f6c12c1b2434ce4bffcc43ef48ef7

SHA1
42553ddb2787b7ce48b755450668bf0a72f36fb4

SHA256
f7ff32b15048bf384c749c3416c644b983d47ad4c2e8d3ac593e7d9ccec33e1c

SHA512
f9854da7edb2df0353f1d47708b7cccf25d74cbedc706daf85010895e5a8cb6ed1e59fc7bbd8666044c2b2b964d0cadd35ef64af879ade50f72f1dd3c44f1e78

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f6f7161f257e1e500c686032b2d04806

SHA1
3767809b8e6d6dfd0580bf319fdb6cb95f433262

SHA256
47e903a111087cdbe8fdf305cb57a477d77e9c6c06a51652925350140a6b7101

SHA512
a60a6b21f6ea8c5ae97eee2c6f019a4398e33ccac01705eb524a2a77aa182a587869922837bd39cd3580f6fb55a1acfddce9638ff00414532c5a2514f10e0892

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
3afe8ac25245c9638585b4167fa458f2

SHA1
b74a2cf5e857e3a26a1a2ea0c35916a2059d5b79

SHA256
ff69e24c58bd288d1ce398342dd378b52dd133a5520e59328db080329652b356

SHA512
4ce730b4deeadd9a231836d9a4b5d9359a723d894b756bc160f8b4ecd1c9aa6c4e1a1a9667549a8b5ffb105820439c9d9e6364252b179ed88bf3a305133c39d0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
7f3542774ea161676335f44898a6b002

SHA1
f890f159d1edbf97821f285ace281fccb29a3520

SHA256
dc4a57b4e4776ff5e556d370b3f269c58f237d6e0fb234af3c52b2259848e29f

SHA512
fa1b904249e1a87cade76ea483a2655a1aad6331dc1cf39fd418f4e286468b52331e14de7ea5ef50780177272afec3d5bff8f46df38220c26f33c0e3588c4f6e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
ddb5ad9ac9339ae27206399e84edc548

SHA1
af7bbda0f881d9389ac353cdd0a8ea40f7bffe29

SHA256
dbe4dcb38b98610da6ef814f164492b5bfdeaa59221cd23189db27ef68aa4666

SHA512
5f36ae5bfc365acc0979b400749d41fe8fa94185fd70899e2025cf064add8cd45518783ea6b5c9c417d7bf888372db4bfd95e2b492df98354771b92c41c4d154

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
bc8b313270fadb266f061116b8b4f0ba

SHA1
faba7724c5a7b6e84c419e07c018ee09951d5825

SHA256
6d0e2d9241ae83bc92fdc18b1fe6c70203baff069ff1fb47cce8fbaedf4f5cbd

SHA512
dc26887efa9d284b65ae54299bdc6047c78ca4d26cec9c313fd9cdf21d50baa86cd9d14c1650f61c87d537b685fcb50dc22ec5cea7baaf5409eb272f1b65e045

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
03875e4bbeba7112d88d392239b4d039

SHA1
721566de9f75f7fbc2d3bec7b98ae3ab174dd4ea

SHA256
5dddc5d1c5bb5f2c75665e2862ba0220e30307c27c9d506a38490897cf87736c

SHA512
88c442f2b908136d91ee4daec6c095deaf296c775f2a7b1693b316dca38cac73d67343a849fb9b7b3f391c87ad0edf15ed58c3ce40afbf19007d2e577de18098

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
9e0eff49769a3036e53d176bab85f390

SHA1
5149d675a83c1f31f0df1dcae5d6c89ffb4f8a6e

SHA256
8bc6c7416dd4fc3a1e9fbed780dd4cfa29b0dab69f4a87b404ddb2f6edf12405

SHA512
0eeff75253dfaa116eb0baa31abde9285afc43f786b822150ae18ac61ea0920a6cefe87643a2abb4fe41ecbcc6f49831d6dd98ef6cd23dacbe4d54fecaf57935

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
904KB

MD5
e26000dba8f52a56600e5c5436a50a19

SHA1
0a95842bfce35f13aa529c0d5111822de72d7bbf

SHA256
038e206e0798a10e79bc4c27228038874a5551a4537617c21fd6065ed0f8d760

SHA512
0634e152aa93eee78e927fa63b37fcfe2ca91e71794d36cac3067bb2269afbf888b53f57dc4bd999048e8209283d40c2dd868a0de4b54081edce7f154a5f74a4

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe
Filesize
1.1MB

MD5
a98ffffd7f804e4f9d9faba4d726d0f4

SHA1
556ee6aadbf236845783b4aecb2263fa70d59c02

SHA256
964e692982176be762e62f3120b0b3f0bbd9c995c45a155eb409cb0d02295d57

SHA512
d32ad4f5eca93e5b369bdc76641e17b7a0d91a62876e3df95255c6b9ca29687a850618d9741f6dfa752b07f10e433d223c1e229c284a60c38d205086f1e7c42e

Download Submit
F:\AUTORUN.INF
Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe
Filesize
1.1MB

MD5
72f15dce2fb58c6bb1a9abb63a38e456

SHA1
e1ae8b2bc824aee591cd16a10d1506651b9d2144

SHA256
793c32d6660a388f837206d748cd633275ea1bf9ca2d9919f7994bdcef578cbb

SHA512
f841b6b0327eaa513abcc3a715a3111566fa0c4c04e72f1213f443f1f75439858a64ae86c1bf5cd0e3ec8c58bcf845071d1c7561f85ce5e1cb02502597c43c5c

Download Submit
memory/1560-7-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/1560-6-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1560-60-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1620-55-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/1620-54-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1620-0-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1620-1-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download