b244a7ceb423e9bb387b27289b67d6e6a75cbbebf455de16d6d745caa040561f

Analysis

max time kernel
146s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
Size

11.0MB
MD5

ab99ec54288b827051a58ce498b5c53c
SHA1

9f80b7e76f4314eab482e95042dd8ad2f4c0bcb5
SHA256

b244a7ceb423e9bb387b27289b67d6e6a75cbbebf455de16d6d745caa040561f
SHA512

39280818b7dd94f2336747087ffa6c1e9ecd5b0910581be165b9c30d600326211b4ca701b8ca14a32c289c04f16799fd4cd148f4fea1e5f9db274e356d7d81ad
SSDEEP

98304:iE20IMzKpXOMGsIMzKpXOMGQ5IMzKpXOMGQTIMzKpXOMe:in0I2l6I2ly5I2lyTI2lN

Score

10^/10

discovery persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
3124	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\O:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\B:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\H:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\Z:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\A:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\J:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\Q:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\K:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\N:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\U:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\R:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\S:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\V:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\W:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\E:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\L:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\M:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\Y:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\G:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\I:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\T:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\P:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\X:	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File opened for modification	F:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File opened for modification	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\notepad.exe.exe	HelpMe.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HelpMe.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3124	HelpMe.exe
3124	HelpMe.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 3124	2152	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe	84
PID 2152 wrote to memory of 3124	2152	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe	84
PID 2152 wrote to memory of 3124	2152	ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ab99ec54288b827051a58ce498b5c53c_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.exe

Filesize
11.0MB

MD5
75453d44f6ba987cfc89eed938c55d1a

SHA1
fa946261e409e681a04c76ec787c86faead8afcc

SHA256
dc69335b6d507021bea63b50fdd450d8d296937fce46c9d475f450042ec4c64a

SHA512
fddf21131839d5ccbbdab7f0286d32be644c007fd8e2050886060f16ab3dc2a3994f6321c56ddee8841af82c42ec735f4dd723c5ab32b8217aae86c13a93d99c

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe

Filesize
11.8MB

MD5
6ec3932971cb4a1703cf665c183d7640

SHA1
109c4e88b7256cd1306759617fd271c0b8d22762

SHA256
a9c6a6798963505367a7722b716462e276179972f4f5748ae7ad0589507fef6b

SHA512
af1c86dd2f3071a9f763ac83d78cf62d0576129135daf6f2c55826c83bd3c4b118d50c424b6da1aeb2ab8a589471109c58629cddb0d1b17b2adb860d2fecbf58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3b8b573d634eadcc2ace995e47304d5a

SHA1
45f769853a9f2102df68c24fc882a3687468fd79

SHA256
452b7148c4ccf73b5c632b65ff5a721700f9ece624cb8e662e8387ae5a3eed4a

SHA512
9c49e0dba150b949cdf3a459db9f39d37dff3efa4e0df9587d56c5dcaa8da6cbf7bfdca6af613ea6e5911233faa3e42577052d66ef14b175f75da76678fb28ad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
6684233cf6d4b24d6fa9361b257e0a47

SHA1
d9425cc18f251d946969907855e6d668ac256a18

SHA256
40fb75df14192cdd647f76d63aafef83f8cb3a2ca740c30884fddbe156ef2fec

SHA512
fcb60ffa6bad4cf25c1cd329e3b5106baf3099db89719189cf141c8fb01ff9c6d4c288aa9ed6cdbd3def88519d3cda1f09e1b2e410897ac829aacd1c3bc47d98

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
08edd55ded8d4d293887a912e695fb08

SHA1
a6edd3a406cf18945b3ee09d68ff56afc9d19436

SHA256
89d4468d758cbc5c710d09623e2adab1f0595b968142cf9c46336c92cdde32c4

SHA512
ea81512a07afa8c20bf05807359d04b91528746c05ecd4c53b2248f2911392a2445c2132dc709418a206c1102c7fa993bc72afe60c28b80ca23b1b9ea085acb3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
0b72eace6a6def4b8903a75afa633edd

SHA1
5b5eda681b2134d73630cc53521686a8e2d00867

SHA256
f62aaa125e748dc7da28717fb40d0c31d2b05c216164f0882f531aa4a7260baf

SHA512
475f3f6ac8ce01a2c476d11cf051b23ab3cfeec5c2b8c07fee1c62db83110cf9a323160f1166457198df071141630ecc185a6a4aff5ff5d60ef7b879f4521f09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cc3ae0c57057e633df0ee3b613629a8e

SHA1
9a1f209859fbebba08eba02e9737dc761fd08abc

SHA256
9c788210b09c5401dd4723ffc0af5175bb231b26b6694debb3d9e8bbea873171

SHA512
b2538a48bf25c808d5df59c2527d91441e6517597b489cdeccea6b06e4dff3c6da2844d67ec969b7d273d9ca0f841159ae07f5c15c1bf712c8c041bfa1b45bab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
190330de0eb0c0a94d2d1b0e2fe316a0

SHA1
ff5df88172b5c619891ebca59b37600a9d7b24d7

SHA256
691b3e9a3abacfa829a0f0143ca7f480c8d447202552a7541ef2a321810db7c5

SHA512
95ce2aec6e3fbd7c5103880b91c7eace71602d530f7cc334e58ba1e1c5258460c96e4f6a78c9956a3bf261a8358a098bbd51e1fe72eb11e8624e404ce04b720a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3c04e9a67fdab7b8699fc2441fdd2665

SHA1
95427492aea5650ebe3b95212cf105217cc3b2cb

SHA256
85823f6b86fcaadff53793d780e71676faef5f23df143520d46b470435f27a1e

SHA512
43c928c961c8cfb8ddb170113bac5869d3fc805d37af8dce0f488a6465f742426903ac79dfffaf5f462d75b89e14d7bbcd2f5487eb64b612025c1f9ea16a36b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
195b12f0bff5537c1ab8cccb33a101ef

SHA1
0ced2571561ccf517ffb1de1f8c92544da2accce

SHA256
ab797d2e35430fd01ead3b602ae0469898c3143d685c99405e2aac15ecec3923

SHA512
84d10d57484212c5ac778aa93863c223a4fe2a0fb104c53839da65f6b9f1f5f01e31bd595125e0ff2d0d612ecbf4130616d32f0dc4442cb6a17dbe6a130911c0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b67cd94cffbf95a8a824b60e9f841051

SHA1
612c9a278e1a26e2ab6cdefee7aa41b9e61c4e58

SHA256
7ef10b8ce6cc28ea8b5bbb86fefa6712b77e01453eb9297ecc5ff008cf12ee1f

SHA512
361a08c0957491e710eb781055b8b3836accd07a5f13bbb1d4f24f2754d75b9f826df9d1feaade105da1c2d56c6d35244180e0073e92feda9b00ade8a06d3a0d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
54e72f83e3af1e1dd5a12fd437c3b050

SHA1
e40beb2f9359cbfc0e906e7a817d134d143cd237

SHA256
d0308d17a651d45f7f8b889389b1667e1628ea2aa997324e54b29b3c7d204e82

SHA512
16d78120f57124ccc2ba48ccf1887d51cc444702b9afcad64fb607a391377a86ba58366c517339189666940bd64e938e03c47a070dff63d1e9b9353ffe218cd4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b60c6a1bb666ec34bfdf275ec50b6304

SHA1
51ff6d725297527e6618dbc9070136f6c7cef16f

SHA256
6b07f738a6e7c4d0adfbdee9ca25a3ca50b2bb7e50f2efc343dca1e198cf452e

SHA512
88629880b30fa9eb5c606157d99efdf4aebaa57e9eb4106b22faf329e4f050f027425999b0b30b6eab094a3c652cafc09efadb2a927f17732b6711731fdee371

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
aad4a6ebe34c5bbcc22c511b0bd9eac0

SHA1
65d91c18c12b52d975fb28ae16bc35f758ccf77f

SHA256
c637bc988c87538f727a753c50b1235cd3f9dffd5fdf8e6b8b5711fe20a3bf56

SHA512
53d7c5c77a5f775134e13570947cf7f5b2f733845e9079f5775fba6cf557c7372cf659a04c92ca8d47bb7db9d26a11a6583ffbf8f8d1304e2033f453fbcef73b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6cbb28a4a0927b4b976b9a571c4bc734

SHA1
7a0861c7a96e8548f19bc897f2157cec5fde1329

SHA256
2ec766b2f9d6a94abf69131d5e3e8802eb7c1e60a4cbd56b44a566ae90d767a8

SHA512
6e261b59ba5641b04514d73a246510f84adb9915966e83c6dcb4e353fb6d6559b595393335f37aa9adcede88439bf4b3f8f82931af430377af0000b6b36b9b00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
1fcda41b22c464f0d163e18419bda220

SHA1
7aad0442facdc4369aa73a1ed3ab13d6449d3dc4

SHA256
149342b759ce393687cba446585b850e9eb8d8d83a29a040d854f597351ee27d

SHA512
cc57d78914f7f5b6f26000fba9402761518d3403883b3634c26a873122d073109878d32ee10d6f40107badb4dcab09f18b5009abe03dd17a0fc61a457605f478

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b545f6abb7c9bbac68c46b6335ead099

SHA1
edd86678c1647f103c600f47e5fb47fd015fdb18

SHA256
8017ac937b174c40fcd7c24875e5519a75f1e89ccf642593866744767625f09c

SHA512
0f72cc49a54a74bfaba691fe7a132ecdacefc6ce043473a8d498ab66be7906d1139f2cac1a0630ee04f4661d8500dce883dc112c06e7a6174a47650cc9876b80

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a5b68a6eeaef0d7842e5cec5e2fcaf38

SHA1
f8a82531a9c96aa85c6349d8797a58d472df13f3

SHA256
5397a9185ce741aa7b19ebd0d484c2ee1d6b6f017148a7d3d79e2fff45568259

SHA512
4d64440d0cd302f65dcc3cfcdd98fb8ed576bd2ed9867d46186bd4b37d979d77ed61d367d579279aeaa6a38f9d60a4d02510e7799bd5f03bf5cff4b275c582c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
545ce750fc2ed934c4594771ba45da1d

SHA1
817b9edfad0bd2542b40248fb6b19e23112bb971

SHA256
58b20379e5dfddeef98ebcc2b987339e132b8eccfb8819fe3a97af5274999798

SHA512
cc8305052acf00f98ff4280394098296d4f9fca88e52bd89b78a07564f75b0ce90640c2f433567bd4ebce56acb327e660f92a54aa212844d2c8e2ee6ee164435

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
741287f6d801971d826ceed4abb830d9

SHA1
fa8a46997db898de9c00bec745d5d5f2f6f2d972

SHA256
d96a020205bd8e60af6497d8084374a2d951b955e2ba97744667ba5fe8446b2c

SHA512
816e0804b22fb1af79243716980c533087f41ff8cc4751d4e5f4eeadf206cbe8107e981e6f9648ab9327e1b02093a90abf5d09b13d4f5cc4ccd9cefb48cce5cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
537c33e5c3795affd970cf7a424e7ecd

SHA1
cd74b879ce3f1ef94d4b1a6a816eaa91aad51112

SHA256
5d7ffbdf81cb5e3483f2f3440bfaa074ea356f936063064a065877e0751b9f1d

SHA512
3594734a83ccc1de6b86908e390532f4a8062341078799b63ecf9355c56f7a1681ccee4953c1eddaebf0262f6551c867b87808c931e97727c4844a7a1ceb02d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
ddef39a67ca43af79e1514eb9e809233

SHA1
a892ea74f655dc0089c79de06501598db814a6aa

SHA256
2235196c69a250e4a39498d1831f3375aa6957fc7b9571a60fbf7e239a2fee50

SHA512
6165e3a6d2d3b979b3e904ecf63391ac2819fed618dbdab86706f376d006ede304f672e6dabaa5aed46cbd74e134626ed0d80b257938764dfa4869fef4740c07

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ee6c1eafae92a44251aca83f99b7858d

SHA1
f6f082dd68c014b37b23f42a480f6a209fe1e5e3

SHA256
e781ef5bfa09f997f5b1c6bd4c36984daafde3a6921806f4c39a076cddd84a9b

SHA512
a9b7e55b8e32a0d48e27b9b7b4ead7965865b362289734088b096098714fbec1fe3c682e4942d7aced97e96b9c1cf1c9be64a48dc3bc2fb39e2da4e41c8eb7ad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
4d049a38a94f0e746c2ebdb38dc258a0

SHA1
22c53ecf435b29cfda848df1e3cdb264ef0040bc

SHA256
17da1548fe3087047898fc037750ab5bec048e27f6ed45a2b1262a5524f6c002

SHA512
7cc5bdf5d09168f123372fa87b365e088dfcb69c0db5ba1ef4dc4b02466d76379f38b1e4d72a459ec8c84d4b710db44d1eaa0881c8437957cec85bb26b937219

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
212eb982835acb7e13ff9baa06e302b7

SHA1
d17374b0137478328b5961fff61abb0a6f19f1c8

SHA256
f5e8fa58f6221ec07a163d5764f700570d660f507bb957dbe8b38b5f6aefc0ef

SHA512
aa1a835fb6d3fcd8e4feabc219d95c36f9f749207427991342b46a211b9544ef4b0d69f8ba4772b6d5a93971edb2049f5e5828796321c5b71745f25c25790818

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
5dd8fa06a5bb3f81eb6204085ec87de0

SHA1
e43905a67d65d448ac1e43a93dde51ce36bb5ca9

SHA256
0190f9e0a371b339e69be2115d98d1082a0d48390ac39c82ddc21897ec17beb8

SHA512
49b3ef6cf681db803463f5d7de617601c83ef362381a3daa6805fe69dac384a5c570335e731cf5ba451310b2fa4c150f806dde4100fbea23eb30516a8f60fff3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2bf35b3032f613fb19895f5942eb2f1a

SHA1
f63593b4bc868976be85209481f48657dce7bfc6

SHA256
7069723e78de48a2569488d318aeccff035bc78f108bd9d74c1df052c44b01ab

SHA512
f58f6aa57a8c41bc5f50d91a0fdcf844214d696aec1fbbadac9ca167591c50b2ba9edc2a6814dcd41426670238b572dd0e487cf0777619738590d8afd5765df6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
6327474c02add481af0f7a734301f5dc

SHA1
4939fc1a22706e6d8c400f41847d61a4be2f6308

SHA256
3575216e41e2cdcc8f093d3f87b4b4c4f644cfbd7cc72bd95645ea8ecec53926

SHA512
4545bf3f85c5ce7adf1657ce2deb20ae49effa68c129dfaf711a1c3d7c6c4e4df2af6a9ee9712f77f288b71032f7455ed6f0670ac16b3bd6f7871d0fa10476e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6919f590085cb5a4b8ecc51c71b5fd2e

SHA1
764b1e1d639b0db3e52ff81a6064d68c7a782822

SHA256
f794700652b62b2364d5a841701c28a167d21a76e4775081ce6b83360db61ba9

SHA512
9c9e430c1e49e5651c0c8f1a84a9633f8c85954eb3662034d55d9e8a26e931fbe8c33cf5140575e3c171a0c84157c12ef281a81ca500b0163f899b5559b37444

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
dc892eb04afb6fb29be2850dbef40d6f

SHA1
8c0a74f4f9c1a83c858c415524b5cd4b496dc63d

SHA256
0568f48dc6f74bd77a33a87dca1c46f20d54ae8375f3e90cbee6984772af0100

SHA512
375a12b32b92c657fc982dd74c5a5fd4f4dafaaa20b8b781376b0e05b6cec7b866a48eebe31c69f980ca1544b6e2eca6667da7c3fc3086f6d4cac56ac3b3d6d6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7168f4acb3c5f27ff7951aa7b77d87ba

SHA1
1f6653cbce006e99896c2ff4b911627ec0882b32

SHA256
78e37cd997dab6fbe426faed4929985a0d1ffe66287eb4de4cd33cc7667ed185

SHA512
cb8d7303f1e7430ed193da4831824c479f995dc6c07fa91e1f7ba54e4de02e0843be9e8bf5bb691fce8301c4e731e2d5897f7baf3183bf92feeb576132e02ffe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
443c13c3774c6f0d2cb5268ce3d0fd36

SHA1
3c4b07048a4d2d8abe48699cf69f233d2beef220

SHA256
8aac70ba5b98c3e808517b205261b3c220cdd24ff4d32b0ee04899f931445a53

SHA512
b271325b2b42747e45110460ae885089fa1222302c68e1704ce7d4249cb6a0893a9f2f90658778e96a7560ac89ad503c29eea58ba22e2825a4168519d14a5fa6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d8529510f7ed352052ef8a762a1c7a28

SHA1
f8acf2e259a977f41001582f2f0ae03dd08e1915

SHA256
d92cc303abd724142639e1699a279bd2191988b50830aab5fcdb57304ac687ec

SHA512
743abbe53ca726d2b8c37af7fdc44c8345700580ed097c9e7859b8212837c3e6029e485f1fe1222597abd6f0d0b5e070afb5a3f499a8e6e4c8bd0fd64b0d47c5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
25b8991d79e3b6d1bc4e45a12ea93b6f

SHA1
efb7c87774053dd24ecc5ea6e217e09138f1d003

SHA256
e2448a0e068c8fa1af71bdea0c43262dc8c164a2e04448c474bd69c72d80d8af

SHA512
2b279f3d98f9bbdd016b9eea10cd6fc9681a8d22067e8662fece94fa7b27e8f66d4fd9222c98692aac0f2133aa9ec3fc1c866ed62f89096f90bdbd46fef2d8a6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
83d7b4333a182d77e3e5ed4f4772ef88

SHA1
5a8c8552eb410e579b652fed61dc0e4593d99d31

SHA256
161b29cf730db42612b95d54fa91d3a4f431b285955e366023a405877707d434

SHA512
86e5140f1c08796e9e3f21ab2fd0022d09dc3466dba25cdc8a4e534c39345c7430998c86655275d96012378bbddfa8ef4ab69715b9ff38cb69e321d2f4a06ece

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0282f3ba6bda77dd82966ce2621db015

SHA1
05eabbb42ac8177487e38970498c3cb7c35bab86

SHA256
dea00eb30bb16d5fa0ddd88f39df1ad13e4225a722b099a73fb0f194a73b5362

SHA512
5b5692039d2f13a0ab22bc7ec63ff377ce4fc8382a687e1ea759d0a8f0308e5c22df5ae4bfbfaede1d6d954d2107fd71055a4554803a7d3a0c8ed0e0cac4064b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
cf625a4ea35566b937c5c840f72a01c9

SHA1
f1ea3d71f2b8ce8a9c876c0a192a4d1be22e0266

SHA256
0c8c2a86e6304e3c920caa03f8b8155f9f820436dbfd9a72fb420e79b143fa96

SHA512
c0bfcef4f92285e666222522b931fc23bc71bee0fe101380da22de6bfec30ff9330146051563581e99d082569416b454deb9910b4a2df4ce16a104d4a625d14d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
3ef8665446d552db3a285a445a66ba22

SHA1
3571653ee338e5d17519b4b3f1cf6ff72cf631c5

SHA256
8b680d3d188025e99a18821886f96fc4653ea37e8632f771e6fad2b440173d59

SHA512
ef25b88707ea48f7d0244c0ad29acce9f4fb05d03d306e4d6c46b35fef7e9029df73f558e8d0efa0583a0f0a124dd8bdce77677f0b2d8a851ec37e5e0f6bb73e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
7a72c2b6b7813d9017c7b8e0121cc011

SHA1
78314ac175296f47c12363a04d30ca646b4f547e

SHA256
7a1efa0f92628ffee3b0ad78b0a5e3f2666b3804b6b83ba177d8041605f43d37

SHA512
e2207756ae30ff8d696cc755b8a7337c270f8fe544b6c6c3542bf3b3b3851ec932c0e27ba77b43d2831723b3b06b8065bf9a8237f8c4b0a31562847ca44de791

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
24028bd904aae494b5ad2fa711df3516

SHA1
508ec92b8a14fadf579c55da28a0d049ae05594e

SHA256
a15855a6250ae7c1420d993b9983f3048f18d16f6f5f9723e1fb9c9cb3df5105

SHA512
00471a9f72bd4b56987dd1af5025dc7637a1436766f6217c1e93e5d932c3cf2afaf354c5d9f57e266a45eae9e6ae72aec9e0277bad255dfa07006d0e8555166c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
4f3b06e23faff9ed3f21145f8a3e211e

SHA1
6216309f1629bcc0ee97d37f8fbeda65487c5843

SHA256
107b378718e1f665df5cd83736ffbac890b6a073e47c112830b84469d0ce2820

SHA512
dfb08d7185f6ead8a5bf8032529a92b1d438982707984a3f2850c3169a000d4d9059c0fb11427f998f999be0b2a70b84e0ba55f56e4e4e91359db647a9afb383

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9836de01625a9b40b5e53e603b41b408

SHA1
46bf70ad08c7b00cf57198e864329d237263229a

SHA256
2230c50096f587e806819c1c928a6cc86c68d3850bd7e9350e0b41d462122410

SHA512
973c17af12923b60b2a02216d7495809e87c93867fd89ebcaea0444267dfdb7ecaa8e880ad6955fed16916069e381b44af87e37a9b4afe093c61fd6beba752d8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a6c2267aeabe6dbd57454788d3744b4b

SHA1
92ddd68d5ccd591c3765f64a3e13f3ee1efc3c1c

SHA256
740596201170218983a1b3fa55b8643a393df1f51ae055175aff3f973dacb334

SHA512
8030a911ff38ef13d4d8a6190d86ade7a017bfffc6e547b60b35dd31d07baca105ca94a648d1d46822d00ff2cb83510c62ef9d783fe98b39b3421864cc26d7f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9bee6d562d03c1c1dc706a7ccda66fed

SHA1
0a87d2b912d03c327739f40d5db9825feb26cd14

SHA256
8cbc763ac3fcdd1b5088b66f4d73db5966e41e1bf1c901640d23e5770a84af3f

SHA512
961c5e7f9109dc2584ccfcfa0d82124e8cc8b3f3c2a8ac7f1887b8465044d409fcef36e2e267514ef843654044986c68b2be8e7e5fd76e4a5840fa4961ac6f54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7f3eaa1205d8fbdc6c85a6a39ea9b44d

SHA1
3026dd2316c0de72b7b587f75cc8af8c358ede24

SHA256
c777114be4479592b428c7c02b727db9f86d21526f754758041486e66ce18fd6

SHA512
a1f8b0cb0b7453cb3a0dbc3cc02db4f5e970a009997d4f5756fa1d1e7898cbb479d7acb3cb5b9b3344c7d2bb51712e8107bbc6cd371aefa3a89cdb08b41fb344

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d85bc481aa9385ada57c6f526ac54206

SHA1
b886850eb9d339c2560bf4367476bbba60087e06

SHA256
ed9c363a189b94022428fdd8b42169560c76902117b778f804e3d9d377a16ec4

SHA512
54c3ddbce888f1491b986fd40dd60c18e992d1b221a338b33b1a0257915544b9cb45723fc5c979c917ef07b968edd01bf859f415888db1a2c87deddc07a841e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
1836a984927b3bfbd7488aa0639a95ee

SHA1
de675fd9df9fc2d37221e940f31a0224979747c8

SHA256
f1b990defbbf47c46c59be2e91481551c3fe8237320a8fd0e132d8b7b508c01c

SHA512
690cd42b1047348ee1d9e5aa115f18c3d938599a370f6872a717129775733312fa9a2b0d12ac845b6f10e43ed91084ab781949358e313176439af89b92211d64

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
af34cf50da0ff77d9ebab18f79cf4864

SHA1
4aba4e503b6d31c74e1a179bf2073c967459ca49

SHA256
3a9276966986f3917dbadf7e876477df257d0acf0ee484c058277f79fe30bd67

SHA512
e174d74a8f494ffac45561f3c46432cd6214feef12f77861a3b0eaf30fb6a6981735421094db05dfe018b7ad165c972b5dc1852ea94efe13d43dff88ee30f8d8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
7554c6c2b677595931e4af913fda6fb0

SHA1
be647e15b4e0d747d5655880b927d08b2ef8249f

SHA256
f2da038f4005f6adc20090a2d0653e1724c22fffa7cb91ef22894aa2837ae07d

SHA512
c52fe5628b49b7b11cc7f29e9cfa88d5505af13761ac9e1661924918a1fc941d7b355e5cd25658dfa30cee6ffc8cac34729eb39732c96828db01fa645b7a6ed7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
a957cd778ea0e791b99004c060165f33

SHA1
681d759bda5349fe18262a167259d516abf2eeff

SHA256
01771aee0797a10045fb33c1533a149f44e8e8568b4be1661f2df99cbe95944e

SHA512
131c831d5be360fb278f2c7e00e9c705e1dffb38b345018e65b492f533bffa1cb9d0d530a17d3d7bdafff0e2b9957884406865fc7eb6aba1cef3579d955c538a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
2a4af9f8f3228dbcf6e31feea1ada89d

SHA1
e8f0ea9794218628fac3c49078798573592d8957

SHA256
7d85f1b3e23706e1fbf100582784e186d0dedba6c7c60e31382ea33be010d3c1

SHA512
07ee2de85131cc0801ee25af8dd90e714be4d716b7f321491418135a39b82ca5f95df8202e13eb5e9c1755d00f90695373fa8f31529a09a331a10913b07731ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
287723e17baf38fbac9438a93b0c1cc8

SHA1
97eb6856cfdb9f4e8deeab1c1dc5c43827683dce

SHA256
f07396371a76e63a1523ee3847671d57a275fdea7ee28cc10e69a769c42b5ddb

SHA512
2579853358ebc66b86d48fd12d0ce122a8d6e7acab74206699ab093fdd0221934380213db3a8b887b5c8b9ae44a84e03fa90a4c4cc3b83a14e2dcfcac0ca65f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
aeba3ce631a3adc805d6bdaa89b63245

SHA1
4564bd3cb21a5b49a9a228f2fbfb0ca241ae7b87

SHA256
f5c166ec8e92560edda4d3b8f44db78d846ed9d2e1b29bab4d3241ad1d8c1773

SHA512
01b190c888d89272e9497d1a9ce4ebf04e47d55ba9f8afa61c04c73e3516d3aa43c9c6f53d58dc47c2b19b0f663299777244801fcb1e559af063b3d6e025af69

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
5ad2a615675d55bdf9cda8d99210257c

SHA1
32d21decb791b30fe654143978d767392de7455f

SHA256
f7e8daa290aae102b7299ae5e60a774309f8d18535c25b81dfd1da8e26a4acba

SHA512
d169eb017fd7b6861f7002d32bedc5e159fde2182cd14196043d9eba5b14c10bd0e1716c2deb5908019198115f2fdaee974e5b1d7d67f3ba41495cc2667f1ee9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
f665869b8f3f4c7470f002c9bea0a6a6

SHA1
33ee881ec73582095b938b288dc2f93601f1ec09

SHA256
0c4b3f0dfa3334894218a16ebb8de8bb4387c040b29f059d55c5cbd87b3954a0

SHA512
40ff0a986a0a244f4f27db7efb814d9a5f89c78a98cb35e36e7ec7e68edac735b41bcb604204aa4290072004cb6b3b1c5695a262c3d77ced31d001fee2360f0f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
149a54127f2003f519799af1db26cdf8

SHA1
a4ab11c910d61f9299ff668180f6e9ba3a23c3a1

SHA256
23500793a3a49541bdbc8a2d2f07fea2acc78a3852e3732496552ab88c45aa9b

SHA512
63bd4290d5415b1fe612ab8211191c54b1fb14eb678ea12a20705872ae8b8715bc2506c583bf38d11be40578b2b8a7b9bd8dca5ed935c1b83ae48ffab5b12691

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
bd9635b7d8fa6b2df6f48a83d148eeac

SHA1
f7054131ccb186627b028c03562dcd7f0908bf8f

SHA256
8a6ed71bd21488535fbd5ffe2878919397bc907b71975a34ce783883f1c3a7e0

SHA512
5491a2a63dbc990d10ae5b996a548cd6bf752f01eb09a68856246048eb4b2a7ce89415d62ef2b205cf392fdd349901283a454139c4c69e610955bac1506189a2

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
11.0MB

MD5
459488a3add8fef6083f0b70a11f68d4

SHA1
e14d8da908b461f68fb97aded3ceaf98dbebbe91

SHA256
9c68406e635c147148d2f5a0373141506bc9fba75dec6e6f3bfc6c4dd788cb8a

SHA512
6dc2467d9918fca9db85266de6d33bdf87a504b2a9909f5cf6f20db0b95c7aedcda1e4599640d7e283ecb64306278c3b16d1b4aaab48a7a91ca377c70f2565f3

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
11.0MB

MD5
ab99ec54288b827051a58ce498b5c53c

SHA1
9f80b7e76f4314eab482e95042dd8ad2f4c0bcb5

SHA256
b244a7ceb423e9bb387b27289b67d6e6a75cbbebf455de16d6d745caa040561f

SHA512
39280818b7dd94f2336747087ffa6c1e9ecd5b0910581be165b9c30d600326211b4ca701b8ca14a32c289c04f16799fd4cd148f4fea1e5f9db274e356d7d81ad

Download Submit
memory/2152-49-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2152-0-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/3124-5-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download