Malware Analysis Report

2025-08-05 21:22

Sample ID 240305-fylk4sfc2x
Target b3e12127b76ce34e00b09e1afc4360c2
SHA256 41e253056520087685c68a854acd8a18f0a4fe13182a0c7e2030470545adc927
Tags
aspackv2 persistence ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

41e253056520087685c68a854acd8a18f0a4fe13182a0c7e2030470545adc927

Threat Level: Known bad

The file b3e12127b76ce34e00b09e1afc4360c2 was found to be: Known bad.

Malicious Activity Summary

aspackv2 persistence ransomware

Modifies WinLogon for persistence

Renames multiple (2314) files with added filename extension

Renames multiple (91) files with added filename extension

Drops startup file

Loads dropped DLL

ASPack v2.12-2.42

Executes dropped EXE

Enumerates connected drives

Drops autorun.inf file

Drops file in System32 directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-05 05:16

Signatures

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-05 05:16

Reported

2024-03-05 05:19

Platform

win7-20240221-en

Max time kernel

146s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe" C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe" C:\Windows\SysWOW64\HelpMe.exe N/A

Renames multiple (91) files with added filename extension

ransomware

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk C:\Windows\SysWOW64\HelpMe.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\HelpMe.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\HelpMe.exe N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification F:\AUTORUN.INF C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened for modification C:\AUTORUN.INF C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened for modification F:\AUTORUN.INF C:\Windows\SysWOW64\HelpMe.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\HelpMe.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Windows\SysWOW64\HelpMe.exe C:\Windows\SysWOW64\HelpMe.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe

"C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe"

C:\Windows\SysWOW64\HelpMe.exe

C:\Windows\system32\HelpMe.exe

Network

N/A

Files

memory/2072-1-0x0000000000220000-0x0000000000221000-memory.dmp

\Windows\SysWOW64\HelpMe.exe

MD5 fe4a5b4dc878b26bc53841ea105ab102
SHA1 a4f55846d83290e45c8d05007d96d16ff1df02cd
SHA256 7dc17b8cdb35e0d5b18b07fb3530b0fceadf5cf245de5343169d1cd6689af283
SHA512 ce6e264b5f87f55a9f22113ed97fc880ae6e20f82949da21a81bf79f1914a2eda601440040b16659177c9d49f9cfa846e9319b8c7c0cffc7312edcf21b2f7d14

memory/2024-10-0x00000000002E0000-0x00000000002E1000-memory.dmp

F:\AUTORUN.INF

MD5 ca13857b2fd3895a39f09d9dde3cca97
SHA1 8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0
SHA256 cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae
SHA512 55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.exe

MD5 50f01016c2063e14d12fd4827109ce2c
SHA1 779bb70ec3d028f4dc14c5a820774c4055496d72
SHA256 b8dd33fe46fd5799929182a5782fd196de237ae480ec518ffc9b72bd76a5475a
SHA512 443f7af96fa30e409f101a52732ed5adc862bbe0f5288c83d6a0855acd00d1e4641b30f3d03353477934f484493659d8bfe8d54888601e943b21b9acc0956b0b

F:\AutoRun.exe

MD5 b3e12127b76ce34e00b09e1afc4360c2
SHA1 9c90473a5cf95c8bc30390f593ffaa95a617301c
SHA256 41e253056520087685c68a854acd8a18f0a4fe13182a0c7e2030470545adc927
SHA512 cd62026164ddd579e09a8a38b374c4e233b1f38ca8a1d4bd111bb5aa26487a5e40d77e8dbe1d0113a478772cfe305d2d7a5e77beaaa227c564a93f3d92e0cb03

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 6a1e3ca8bcf242ebcbdba9f1f22d57a8
SHA1 79bfc567f9a91202d32f307f17f7fc283c7c21c3
SHA256 f5f73b1e4dde8952dcbcf72524e4ecf66e113e1b24ee8b678e8c1cc0698266cd
SHA512 b556ace6f6af3fddcf2370d0da0db64be99f2925f90e1e44308d9a18464b5cbb657fc31b6d779b70022d9a07c1820c0733271bf1a0ef23928b73dc12234356ab

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 794ac7aa1f221149c21262dc9dae5009
SHA1 39426073556bbc56d2e9dab663f4a66e249562c6
SHA256 41638c0cacd761a8bd4fc53a2da6dad132d3a8b5a6a08c5dc40dae46bcd94e29
SHA512 89279297a3f2db44ed7a5aa5d118b3b649c90a869333dbf201fbd7023ec9ea82b512a14e1d8c3948f5413c2084c8441a77270432ecdb0849666efd13822f3a62

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-05 05:16

Reported

2024-03-05 05:19

Platform

win10v2004-20240226-en

Max time kernel

152s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe" C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe" C:\Windows\SysWOW64\HelpMe.exe N/A

Renames multiple (2314) files with added filename extension

ransomware

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk C:\Windows\SysWOW64\HelpMe.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\HelpMe.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\HelpMe.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification F:\AUTORUN.INF C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened for modification C:\AUTORUN.INF C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File opened for modification F:\AUTORUN.INF C:\Windows\SysWOW64\HelpMe.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\HelpMe.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Windows\SysWOW64\HelpMe.exe C:\Windows\SysWOW64\HelpMe.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.UnmanagedMemoryStream.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.Lightweight.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Drawing.Design.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Claims.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\System.Windows.Forms.Primitives.resources.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\LICENSE.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Core.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.Calendars.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Claims.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebClient.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Configuration.ConfigurationManager.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationTypes.resources.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\7-Zip\Lang\lij.txt.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.CSharp.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.NETCore.App.runtimeconfig.json.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.TraceSource.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jdwp.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Controls.Ribbon.resources.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\WindowsBase.resources.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\instrument.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.Primitives.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationTypes.resources.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Principal.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Input.Manipulations.resources.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterRegular.ttf.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\PresentationCore.resources.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\7-Zip\Lang\hi.txt.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\7-Zip\Lang\sa.txt.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Tools.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\logging.properties.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\PresentationUI.resources.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-environment-l1-1-0.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.dll.exe C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe

"C:\Users\Admin\AppData\Local\Temp\b3e12127b76ce34e00b09e1afc4360c2.exe"

C:\Windows\SysWOW64\HelpMe.exe

C:\Windows\system32\HelpMe.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 172.217.169.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 72.239.69.13.in-addr.arpa udp

Files

memory/2684-0-0x0000000000640000-0x0000000000641000-memory.dmp

C:\Windows\SysWOW64\HelpMe.exe

MD5 fe4a5b4dc878b26bc53841ea105ab102
SHA1 a4f55846d83290e45c8d05007d96d16ff1df02cd
SHA256 7dc17b8cdb35e0d5b18b07fb3530b0fceadf5cf245de5343169d1cd6689af283
SHA512 ce6e264b5f87f55a9f22113ed97fc880ae6e20f82949da21a81bf79f1914a2eda601440040b16659177c9d49f9cfa846e9319b8c7c0cffc7312edcf21b2f7d14

memory/228-5-0x0000000000630000-0x0000000000631000-memory.dmp

F:\AUTORUN.INF

MD5 ca13857b2fd3895a39f09d9dde3cca97
SHA1 8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0
SHA256 cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae
SHA512 55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.exe

MD5 d33610428d8f48fddb41471400189e7e
SHA1 3948291593b41527b9d8db965c7704eedde5c0d7
SHA256 f458c53ec1b3b78006d682434fb55006ba0ef824a7a15d26d5a123af4422c567
SHA512 6c639111424b20b9cd1589e85bec05efb7a6d8b046abb45dfb7253ff792fa26924b9c5d68ff09880b67f293186b184c36e6065b6bf74bfad87bdecb6f903d7df

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.exe

MD5 3183c618ad859bf5dab6baaa0eab7924
SHA1 d2f36747c1cd0f7f093f8385ef8af19d23266b37
SHA256 531d818e7429dc137b08589a61324c2f5879011f55df0aa168552248337d318d
SHA512 a26b4dd201e3f407f3b7b572a7fa1555251707fc7acaaef841fc60272a86f92177ad70bbd88e2447953fa16a668e5ac85febfafa77501da73e74011dff9aac42

F:\AutoRun.exe

MD5 b3e12127b76ce34e00b09e1afc4360c2
SHA1 9c90473a5cf95c8bc30390f593ffaa95a617301c
SHA256 41e253056520087685c68a854acd8a18f0a4fe13182a0c7e2030470545adc927
SHA512 cd62026164ddd579e09a8a38b374c4e233b1f38ca8a1d4bd111bb5aa26487a5e40d77e8dbe1d0113a478772cfe305d2d7a5e77beaaa227c564a93f3d92e0cb03

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 1699c6580fd5f04f7b018eeedfcb138e
SHA1 e586ec4e6d129e35d7bd2d93f47ea90bd7ae48ae
SHA256 b9a6c9a4fe5399670b7afe43dda78a97a1ff0fb55a37e9540276a7c73f0552b6
SHA512 e32e5fd6ff71e4293f55196464918c074afa1360e3d34fa2dff6d9e37e9de8d3d277ef1efaef678724c717c5b8848e56f921660277ce4f84e03e8e7c8dff8366

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 15578f52a4c7a316e43d4582a7b3d0a6
SHA1 160227d92f5fd9520c6586d238b587a74babefe9
SHA256 23ecb28cc8bb350979219c5ad853268123178b8abab8a18cb1a5441965bf9c5c
SHA512 22b3d1d2f25aa5f7fc15785761bf6e50f7ef22750fdb4e8b05a28c51dfa60bfb89feffd9dcda4a49a5b5b684f69d3285318015d8fe00088616c2324c766826bd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 cb12d68cb5ece0a83889535e9711fc57
SHA1 5a038e819d1941977f01b62e16ca0a0f3bc44c52
SHA256 635950046260f7b68a7e80bc440a166a0b6dd60fe29cac86c8721d1e73128efe
SHA512 a4ba755463d5c51aa1c178d165b54827c19241ee9c7d3a0d9f26bb702c49fc0e9e1179e418d6a71f4317aca76fb101e5683a82f8d5dad2cec9160c499fcbdcdf

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 704e025a55638249e97383510087f303
SHA1 000ca06415e29c44cd360092d9b5c4fb18493166
SHA256 ec267525a5f86bee9deae7cfab826dcf0229de41416f2dc71c73c736d8cb541a
SHA512 106fb7dbf1e30933154805b556490e37f934700ea84c064fdcf2bf5ed195d215e64a7e0749bb0a1cd1e9247c20bec8b50a418298abf6e542a7aa90681872713f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 a5b85feba0607593ed630a5d036ff672
SHA1 ddce7ccfefbd24bc664f21a9d52c20d78c8dccfe
SHA256 2cca5183e9bdf88344f9e894195fb7e8783440ea70800cd35fc83e2414db3a6e
SHA512 757e8b43d2aa9720cef8434d74963aed66f90eebbb8c58af6b11419c32ae294c37e1f0b8e8dd805e39091a860fc6135a9fd87b070eb1486ba773e9b2b8d3e5c9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 15667fd46fcebd413ff5b7d2232f8704
SHA1 9dc15dffb991a21cf66e70856ce6dc7d84569e59
SHA256 8fdf6e3177a8349d9f02f5184130839a4b461d46718b1eff3098c6a6832aefe1
SHA512 de7e5f86048c72d185084a299e54e25fec9974a1efdbfbea587ef9d8aadd882b0a93325f566764a68681aa078129062b91b7086df11aea6556a5b1f0d004ecb1

memory/2684-484-0x0000000000640000-0x0000000000641000-memory.dmp

memory/228-493-0x0000000000630000-0x0000000000631000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 f86c5e28a6bbd53f76c7865274b0d167
SHA1 90400f84a1cb4e8db1ac46a38f76e5d002a81cbc
SHA256 ea9d1621d21f0a15ec7e681ce662cb125a6b8caff9a4c486f0c6cac2423dd0e7
SHA512 8a52fe16c24db996740aae9d805a038f7562a33a50106426fcbec9b2942ac3ef7df955777ccee74d233ede8ac96f26cee178ad1c68447fac76be032cdae83230

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 cb6a943698f701fde8fd85ee351a8547
SHA1 e3b9c7c567de52a5b227e273c16f4f85792eb997
SHA256 e1c32ce9fc3b837928bedbebc7f2edbf011bc3f0d709579d4918fb9d88230742
SHA512 852f4a1cb9d2c077743fe84626c6a283e3fc5802e57fe20ac0bbd9b8bb1530af883f125dd309bf76162bab259c10ae15e942383fc8c13dfbc74dda7e088620ee

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 9912cf24da0ee4cbeb8c0aacf26b53be
SHA1 4ed058b2ab21e3a62120c475634f1d5561a3bb57
SHA256 58568a3854238a2289d3c50563743561624ecaabc150c7255a88fb0e9062ce20
SHA512 db8e8a9a6a48d8f6ca8c0ea77fad149fa9eb214da661c1c0d2204e50cf341ae947933d1508a8250242bb1ececd994b11e71055b5d541ba38c045e8909b631061

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 b4c05e65211647ba577271326c68e384
SHA1 661353ddf66f47e3fd0bb9d0784f5b8a3f37fbf0
SHA256 0cc1a26060741c27cdc7e32063fd535fd8aeac9231f976e42d8e110c6cbed1cd
SHA512 1f35e1858feebbb9f620c701f14c24edc35e2e1c811d8325903b03ffa477874b56f4c770171dada1937e415884029067b54403db9cfbc3f02835b0417ddf1c8b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 db3cc04dc72478377164c17b37a0d062
SHA1 4078218ee903cafedfa853bd0f5dbb26fc808571
SHA256 6a6e3c86e4abe33c67e50c9832ff3bcc2615e3283a520377751add1b09c3301e
SHA512 bd23d26f80277ace0decf38db42b2f861aa2fdcca301864d79fb0a53ac983b7c3e2d33b956a44f9f11993ea3b3d971566badc6f770f6b97f860b4c9032eff49a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 1065dcfb6653e648eca751146869c3a6
SHA1 8fb7e1812c2314fd83dcee18d096b75f5cc22c83
SHA256 65d831a106c6e0420413b09f5ac1939023115cec01010aa8e62ee4c8dd0a64ad
SHA512 bf13e13e5328b95450c2110164a2924314930300180ffcfc2cad0115244a7c020d490d96cb8f34746884811c40afde99b53537f597edcd6adc8c82fd3973d6cf

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 bd6ae38f47183e164b7c0bcbb3ad8ceb
SHA1 472945504718ef4c90a39a00943c2a84fae5dbcb
SHA256 1b0260fefcfdb69a9cce22a44c13f230e1ab56f16933f48026433ff1dc1e72b3
SHA512 f003327f03fe614e29705785ff49cb2844f19d05b871339f13076c580e0212909f7cca15783f4380faa8ff7a0549454269f4558e5c7586cfa552e4154befeda4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 bdad3ba905419083be08b670cba9d039
SHA1 6ab673fb722d9245e827d94185b6ee5d065e13fd
SHA256 57f10e9f360f7b7defc82f49734b8a5fb6ff82023d0e1ab51bf00e8d0cbc611f
SHA512 bd51b4407d2f42a418480b133d012b55c0c0dbe8baf44d4e93b1c3060e8fe86d18cf328533cb712446d8e4e1bed4f0f0b4850279cfbb9f6dab2d28ac3ac451dc

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 e2296c4ec84bb9a37a51411d9e2d8fb0
SHA1 726a692172c276451ef562bfeaeac6c01cf0ab2a
SHA256 49cb2207d8fc7e82bf66ad5269ad5129145de49076f474e2fa258818f71fb9fb
SHA512 7dcc61933bd200d225ba613af9c007355db689192cbab6d97c2e470bec6a95df6a9adfd9363c983cf360f5a49c78da130fb1177734ca03fc0576bab3cc8b5d62

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 9c7bf5b52b2e33a613d30036887f02a8
SHA1 9d9084039e9e2466efe7222913ca92759a9850f5
SHA256 c0c7e132df862ab3ae5dfb59f210c3bc3ed100f5f833abd3c14e83c55f4113e0
SHA512 55d669821406bbc9e1ed7cebe3abdb7d91f8a0da786eb68a78a51e826a89ee4abf9c6fb597ef3e29e1ff7ae1c678c4ce75c72798f6d6e9500c2c122d27a11ddc

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 7b9da37aa6d17ee2eac6dc03f7692cf8
SHA1 23198c9cdd94674d77b3d6337ddbd1d9ebfc53de
SHA256 8711fcff4858ec9cde08bc6b498f1e1843034a2434873d24b723f0c07888b9a5
SHA512 681a4a8706881521d38c4b70e116f1b303427788eb883ea4ff904426af7216a376c33b84986d4ecae217ef227c658b8175fd99f11fb974512f5c27d7fe852fb7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 99cece7869da6947f7bdbc6a66c79616
SHA1 85340d3f0bc5a496358cae0e34708d5570d9c525
SHA256 abd3c9ae36de3441afbcfe97a36ceac3fa20eff3720a1176337075e18fdfab6c
SHA512 0120165901db8bc17d109271ddd23f0779ac5176c65db1c1e7276f728c4747a7203a5855387fe8ad9e26fd2063a099c780a6afc66d0ce3d17886bd307bbef48d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 5d8d79460e3f13403bc2c7dd0497107f
SHA1 58fd1af12377e2f99f2a31c865efca704cf0278b
SHA256 d757c91ffe1bfa5fa8804eb64d6d56162a89b13f8fc14d575a4b90cd77539c86
SHA512 24c0b5a7844d32aa5691fb75dcf0744258d81b8934350d03ebf8ec594e3c744be891d6485276d4962e04f92040287071b149e5b55380fca7c069cf6c3093f1c3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 f3d007391a90e2ef162a2002be482a9f
SHA1 49edc9e532cfb0726ce44226bb6a1c5e50ba36ad
SHA256 8ae5d40594ae1e53aa5d03fa8b5a0587d0e75200d5f82844ed3ba9c44ef2eb36
SHA512 51c7b12c5f38ba9c88f237e49414e6372efb86d974fbf4dabedff8794b8e581f78011061564061d807d4199c00be1475962b8d03468099d1fa3062a63aa3941d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 e9774041d35197ab20e6aa3b12af2b41
SHA1 58a839341b9fa678674d09f37f77eb2aa647f1d3
SHA256 b46f90db156249cc47e441035dac159db9f5fe61fc99e24862440482398809ce
SHA512 016a61cbefd3d4274f1dc15e6bd6be0120206e3d999370f86421fca45b7bf78872aad7ab79ad1e267db307a5a849de76358a2686a6482bd3693986c7a7cd9e89

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 512d4576b8b09b03d1b03a63d26c62f7
SHA1 a1ce68531ba89d7960ab71b35831b0c87425f159
SHA256 b09912567bd0641afe2a478dcec1f9f733c155b0105e128763cbe75c5489b3dc
SHA512 a07701ced16325231f9ac499381e02dc0f5facca4e5b13a9d25ac56b55d608de443b8e94a68a96759151f77d2ccbedfdb8b0205bd769a0ec6fda69ce165dee20

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 6916e0eb5c6fd7960f6ec2d32a45a528
SHA1 4398b6e61e87c0b23b558977dbede7f033d987e3
SHA256 2ab2e0c559c2175fe917170152a7bdb38968ff87b364f6ff5340f38343b31972
SHA512 53c309ceb2dbd1820ee91ab9207ae33012c3f6acfc204068e20aa330eb31b22c8c253e10d8fac8618d92d57453cb7da6faa62fb361811f6a90bf619e47526d28

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 db65e738918d354a8276d919faf3c4aa
SHA1 720ffad86ebe799b45ee080f046209443cb78e4b
SHA256 55ee20b648a719ec869a16a82009febb81bee9d33de56cb9036b065a9b7630f5
SHA512 7bf713c15c8010a0bc9e93c44c3d73ce792793c1fb78c12e563e2082b83c24e97b4caca2f2eb027b39f68a4533ebdb25326f92b6c481d2a8e8feddc6cf5b211d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 daf3236abab323ae4680c46a1a50bd4f
SHA1 332914550c812d2c250239d8a82b4918b45f691a
SHA256 71742b13a77af661c82611f5626cc29bf8e895c1658fb94addd6f724253177f6
SHA512 805d55c777d9346c229d2e98293d69bde127d83069ffce08f6e6cf15a1e71ba98aec7a3842ea7eadcff019cb2b2d18ce277567e13dd86b0fb8f753abb3185d7f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 a6b9146ab871d3a9ef21f49550e30ce8
SHA1 e6cf22da27c5fe1dd3ff583e810d7f01eab59f51
SHA256 318650fdbc06ff5fa9b465b70cd9da0827b381f3472384a3ddc4633610f439d6
SHA512 6ed1b94d2f58f8b2763bdf28b43e7d1b16c8895028adfe94f017a66b2b4221375c73567782f6219110fdc29b1fb31fcb658ed083db3d97ba0673a3f9d29a9e3f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 6a2e31b18f1d57f68ee56f4e01eb1ccb
SHA1 2fe8129ff61d2e7e595e1ab5786f62a83e0a745f
SHA256 fa0c670efb999fcdedcfaec84ccc9c63d39848e3638fffc5d63aa114e351a87f
SHA512 124b17194e7bf2119acffb78416d05dcf89fc09b16e95bb3ee9fe7ebdce050e30b5b22acdc359b4eba21326a45cc0d839bbed6ae0111b1552158a34ea94f06f3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 a39ccd96b73f574b7fbcc313825c7fc5
SHA1 e1f97933d55d530b559051e3b91b3b45478fab39
SHA256 b48cd86a31066055342edfab8979d577eaede0f6e7607ca949d729d65d0e4ab9
SHA512 3361783d9020e5283335991f93319749563d0187b2e26f258d3bc621ab08b71bc45cae985748ef46afdbf26a4dfd885a376d0caf1ed36427ab86cebfc76f3f62

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 2b8641508d657d333f3ce6e57b458cdf
SHA1 c87862939e91843c8c0b02a4d45f12f21d88a9df
SHA256 f79f5e0280d4413c8ede93a678913e1c4577b8a3bc4c1cacd0e6f73ec0997a2a
SHA512 8a84bb06a33dc796840380ab95208146bf0fdd849fd492b32ebdc2d25a7603fbaa55ff0fa91f27bf4d03f09f31754eb265beb8a7d6417cd0452a0615b137f583

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 a1f926268f524b8ab00aff3b744eed6b
SHA1 cc2a61d67379fd497145bedb531c3800d4aedc57
SHA256 4602136f5c0ebfefec05892d6a436ae4ef2f86891aff5cc035c7275f392b4fde
SHA512 e9414dced937b63bdf610abb1c956986b0c94d8fc1da782cce7b28a7e7ffc5e7f6d41e295f364a9043f3cd0d5876440fed3e90f307589bbd4f2983ee0b849f85

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 7f2bf0c10aba460820e06189d917e693
SHA1 053ce3b39d353962b75cdeab3d04b5570a587925
SHA256 3ccf83cfc7530a3e623d760aa0e1ba953e2f12aa6620412d70e1b1a559176867
SHA512 58c3cb32849bdc7b4f0c422594437a023de70642d51196b23cbc6cab430caae75d72e728a496fdfc8f9bafdc2cdd40df6e9d6ed0e40e05781ef9ec993df72f2e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 8a72a97d7740bec5f72170e1d842a938
SHA1 3ea95ca6c147260b6eddb547fca5b16e9fa6903a
SHA256 8b88487a9ae4ca52b4c07876cdbc4faff0bb7446cadbb7bd6e8b5fbfb20f7385
SHA512 bf9c8fff9a88853a76f4b25914ad6ca147c594fed7731e25810e0966d4a44af8771cb7d31ec0bc52459e84513cd60f7e0b396c855b8d22904c688eb49fecc0d0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 4482f61de6323c3602580c44d1f525cb
SHA1 69e1deca180acef8be54131d67c0226993804f30
SHA256 5d0a7a2f2fe309a3b7c6ea334dfed5f75a65d948c77ffd43ae1dea15b68b06a5
SHA512 ae918e9c403af63ed01e8c5a9d87dad9c49a4c841ba0c03ff4d8e77ce89f7cd7a1a74db85ec99b8d1dc3962107bc9befbf475ddb7bdac49b4e8e01344e1ba6da

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 4534d68afba5f38e2ba566da94d3597d
SHA1 2fc5847d2fe99118dcee54aa8a02bf63c4ab5a46
SHA256 3381efe44528195f46d30929365c0f691c2544a44e897821bd539cfa0f8bb153
SHA512 ea3889e309f57e766edaf3379217f64976a19d5b24cc833a95facd1ac0f936321739b7358966bd9357f04bf84275a94acaa0845dc8ad11005eea7eb1853d7d0e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 ae72f2eb4bc0f90248052af45edfce85
SHA1 f26417e5f16beb2793ad0ffdca86e45f40c02190
SHA256 6da3018afe7ea5531a02415aa5c36e2e73cbef9cb4adbdcab3922c52a0f08508
SHA512 e4e45a7d591f27a44d199ddf7635ab72c0750364e865568c84bdd5e173a21339cef0a55f659f2f311fc339390624639078a554f86b1b02f25e82aedb00393d0b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 fdd68cdd6ae52af034bcc87b9c7cc06d
SHA1 b2df20ffeedd04dbe16fb8c609c41f21c1805b05
SHA256 839e98527b8b5ae0780319958d792e72eedcba5ed5890b91f9badd706a4f1b02
SHA512 c8f798a6cd12eb626cbd528af50b0969981630369a2f9bee8f15f900f198360bffa26ba106fb454417081f9aede3b1a479ecf661bba7bf06238c506ace86e624

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 a23c59a7d260023473bf6c39b40c5222
SHA1 c47cc6d9ce617356b7f6a45aa739a87c124e7037
SHA256 2ba4ec7ef6f53d3e9427f4db798ed9b23caabe61e837975b93627fb1eb67b514
SHA512 b4792708cac0bc33814167c9eca5b70c6ffb77b59a141a75692282258fca3419d4a96be0f88a39224281da48bf0c61d4ed37acb5a80a3727043195609859219e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 62094a7491b06db81aff1cf6f324ff95
SHA1 5bd5db4fc4dce50d479f34f72951c684f26478be
SHA256 ece722ec792709285f7882ca7803f150657ceb4cc9804d925e8055bc551fc4e5
SHA512 ed2469740b6fce8630b695fd7a38bb58a45bc3e9c1278201c28f705672b87d9185efe1261fe3943a4d5b632653e52d74dfa3cd9d5a12a9198e631d2b2efa45af

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 f9626e91b7ec20fb06e221a6841378be
SHA1 f8e3d65190c4e15ac13d24479ec3b84671529c31
SHA256 30d3bdcc692ab97d16d286183de6347aebea420d956f67db130cce427a3e20d6
SHA512 3cb93c84a3c51bb233f7b1c4f08f9f13f0cf4bb714eb6c33b9565694770908ef799891df815e1bc87ca87c15caec06b755520f60d1c73d9d8852ceca41770a8f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 4b1ad1ab4020dfe74298a3f7eabe1b99
SHA1 9f54a7aa153f2024ede945b51dfecb6588129b25
SHA256 dc644cd779375a19974b502d0c6578a5795dffad80c03a2a007905694bf421e8
SHA512 c6e7a7d1579ad8f7a482b5ea7c4d93ceaee3c4b3d546e6de60155990e4143c7d08be8a0042467981cbc595994b76280a3c6a3a54bff7045ff3118a114b9ece22

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 1bb26b3a9ea0830c55a4aad8c7aa2785
SHA1 f99cb4dfd04dff2305e7719749bb0418457ff915
SHA256 762e1cb1061508da7f402b60a7ebc3ee37e78f0a13efcf0aa89f50893b3f2da8
SHA512 7df66dba3f30af40c18ce58bde295ed1d3518b1f8d92416ee4e88665477e5d3a01d902f640e201727601be6ea90c178633d950719b66f2834733d97cb67b8e3c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 89ba1cb3248562f9dde17ef5c95881a5
SHA1 964a107de23470668b4ea0fa6a699697f64666e2
SHA256 d3c72cb8e989967db0fb9093d3c837eb41dcd1063c5f1645c57ac2a5ac4b1506
SHA512 12a689e8728c3061b2fd0269aa6750af929d73de98c9e60cf946295bc442810c46ab8e1fa7cadf95b211558694b8838c3b7c69b9866b6a6cefe850f67fd632f4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 a8ff8d4d07288bfeb279cb82b3b84f16
SHA1 073c5b8e123023fb6eb74f16646520136ec899f1
SHA256 612e4e1ed86e6442b03acae1f853b98dd4558fdf7983e8b6076033d2b2cbcb3a
SHA512 d70d5d0a534a5a5608a856f82223210b16db6747dab531c59353bf8fb159b2263c9d2e184b35f1d58e1884d85e9edf1de7c5a0715397aabd3bd0cabf0189d8bd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 9f9b6884e6154a774e78449d11d0ebfa
SHA1 2255d86c82ae799aa6f63baec596ff5df010f7a8
SHA256 98136cd2df34246ebc2329e3681574e7734cdbd2ec4c819711b93cab40a04604
SHA512 8e010d6576fe48d3fc084b9caadd99c33135eabaeffe1dcdbb394b225e4879b9d6d71fcb12f929319a19a55a71a4b31917ad1372b45560d4a8ce8cbc978efded

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 1d864f8db912f2dba1c2ad0ba8dbdab6
SHA1 7fc178e10eeada0d73c2d224f6888c9aaed55fff
SHA256 81d729f4b25da19461d6bfff1ca02d7fd41d4615b7b041faeb5d3b8594f8617b
SHA512 e272cb0cfd667d171946888042833acdba9c2ae94d21cf5583e1cdb00cb165a221b75cc2b9b7b9a96fc496800a80a320e523c9e55580bac60f4cfa72e03da30a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 ca3d7cd1855ee9415d3c6477979a3721
SHA1 fbb9f159145eed0b8d750b6e66c48d814f6e4b05
SHA256 2e091b616f79a138543175151307f7303926c02cdcef40a2a16da48b06f5e46b
SHA512 a3a69a8f6311b6af9f95296a3dfaa9510385393963faa40363038ac5fee7500de3b5962ee37376838f1a7479295e4459aeafcab1a7cb3c5f517e299bdc560f55

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 0e671850b444ebfacf0ca43bafd658e1
SHA1 adcde7eb3fa0fcebc808bab9bab775a502447982
SHA256 ca66a512b3ff600d1c13913261f0fe257877c7e7b7a9d53360dc1e73fd0a5640
SHA512 411579acbc553cb00c052b4cdc06f70b58d64a53d8a24fa0a39ed05f5b61ab90113288b9a17595412b32d97db587ad994b156a78489a6f383ed82c35a7294173

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 2b41948e6f09e4c870f6f65a6bfd0507
SHA1 fdb2cc5d921687334254fee2e88b5312add1c7d9
SHA256 34bb8f44c26dc46b8e8c03b4b04aeceb49a8ffedc3992da45199aef53d60dd6b
SHA512 87ea1e0bbd19dce28f2a6afcf3172260970a07ff9fb22e57a7aa51492ec1c5880d1c1742fe235f5aa667b2b40202202fa9b920c869e8c6e13ee528d450d7abe6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 725cea2551ae454c25fe757787c61531
SHA1 8feb85aa01c69ef1578a076307e0b9466f081822
SHA256 f0485efb2346099f93dfa4c9942857d9bb508eb17b877be1e52d52455cf5b7bf
SHA512 f48efd6035b22f8d251ee73c7d3bb4c1df3d81fc581e444d7319f48d3ee1f590f160530929f806633d3bb78188092d476f6f2cae1f6bda5262971e13c650bb53

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 95b5f34b42ac16ad2a1a9c14bdb32273
SHA1 26f1ef213f46e421b9e1b38e14b7843e06edf004
SHA256 04ace6aa41aa6e98c2f9c54ab069f7b4f092f28a6454b89689419dfe02671190
SHA512 2224b56e77e4aaecf9804eed1e362131d450489fcd937f79ff23d053008259f2664c08ccccf32fb882229f214bd43ddeb2bf47e375ce8c3a212d2336ba8a3a44

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 ecae65c870c929dcb121260564ae0575
SHA1 002ebe8480b74e557eca372144d74ab0e255e6dd
SHA256 8ffe4ae38ee2ef8651416972a753e91d3e662a81e021fd2ada49b3879cf9afef
SHA512 7f980db30b931d0cccede3a43fe4628aef5efad0e6f72298a7e6c20113afb629d04fb92155a0cfd1c61a57fa9f358b6f5f89aa73a487b3316597e5229d204272

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5 7ebb5748aa9773906c322ab7600cef8f
SHA1 5c4dd00feb2aebff0b41cb9e560f38e80a8b4d5b
SHA256 7fcb29ed3503be37a781e02e8bdbeb0fae8f1fae4546aa8a2c56f11584e88f7d
SHA512 b6539655a1b869bd9d446dc94e12e0effcc0fbd20abcd3887057e1ab690be69ae828cee345a1e516465ed8e95b71e314bcea902853c6df20e05cf6888333df54