b2c5cd7921f504fb0ac85e33e7c95acaee999beaca30bd41ddbb29d88082199e

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-04-2024 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
Size

769KB
MD5

0066df38d959c814fa667b42644dfb0b
SHA1

e223e25a179c615db3a157f4cf6e7c026aa2234a
SHA256

b2c5cd7921f504fb0ac85e33e7c95acaee999beaca30bd41ddbb29d88082199e
SHA512

3bc57ad96c40a9c48f579db355a44d65bf14d751687dcb6f5c02fa6026691970a13014136526de2588c9587e5bf306524d00f69b7c0470e981950281e619b7da
SSDEEP

24576:TEtl9mRda1cSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvy:oEs1hE

Score

10^/10

persistence ransomware

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

HelpMe.exe0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe

Renames multiple (2380) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops startup file 3 IoCs

Processes:

HelpMe.exe0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

4768 HelpMe.exe

pid	process
4768	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

HelpMe.exe0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe

description	ioc	process
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\A:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\G:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\X:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\K:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\U:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\P:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\W:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\Z:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\N:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\H:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\O:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\E:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\L:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\R:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\T:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\V:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\J:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\M:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\I:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\Y:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\B:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\S:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\Q:	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

HelpMe.exe0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe

description	ioc	process
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	C:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe

Drops file in System32 directory 4 IoCs

Processes:

0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File opened for modification	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe
File created	C:\Windows\SysWOW64\notepad.exe.exe	HelpMe.exe

Drops file in Program Files directory 64 IoCs

Processes:

HelpMe.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Configuration.ConfigurationManager.dll.exe	HelpMe.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\7z.sfx.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clrjit.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\UIAutomationClientSideProviders.resources.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\Microsoft.VisualBasic.Forms.resources.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.exe	HelpMe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-ms.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.Parallel.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationClient.resources.dll.exe	HelpMe.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processthreads-l1-1-0.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.EventBasedAsync.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XmlDocument.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.exe	HelpMe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-oob.xrm-ms.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Ping.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Forms.Design.resources.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Requests.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationClient.resources.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.exe	HelpMe.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.exe	HelpMe.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationProvider.resources.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\WindowsFormsIntegration.resources.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\PresentationFramework.resources.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TraceSource.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jre-1.8\bin\ktab.exe.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.exe	HelpMe.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Pipes.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Controls.Ribbon.resources.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Buffers.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Expressions.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.exe	HelpMe.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.exe	HelpMe.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.exe	HelpMe.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.exe	HelpMe.exe
File created	C:\Program Files\Common Files\System\wab32.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-sysinfo-l1-1-0.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.FileVersionInfo.dll.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\deploy.dll.exe	HelpMe.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.exe	HelpMe.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.exe	HelpMe.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.exe	HelpMe.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.Extensions.dll.exe	HelpMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

HelpMe.exe

pid process

4768 HelpMe.exe
4768 HelpMe.exe

pid	process
4768	HelpMe.exe
4768	HelpMe.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe

description	pid	process	target process
PID 4900 wrote to memory of 4768	4900	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe	HelpMe.exe
PID 4900 wrote to memory of 4768	4900	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe	HelpMe.exe
PID 4900 wrote to memory of 4768	4900	0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0066df38d959c814fa667b42644dfb0b_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4900

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1876 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.exe

Filesize
721KB

MD5
78bcdd643d3a9c47db943f24966083f8

SHA1
44f871d59c8d5f67b4a025935bf5169a5178cc89

SHA256
75f6ff1f7faf0c41a60ae0baa3a50fb3ffa14a0173f4f6874bf6e1ab7357503b

SHA512
493123ab14b3be0ddee56d0e754d4c4f6d63956d9ac6d0b19ad0b936a5bb24f0b0cab9bd3f252dfbffef3817e049b373640898e54c2d62a27aa8ae3a22b92c0b

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe

Filesize
1.5MB

MD5
16c1983c5a418f168b9a3c1fecf0c51c

SHA1
ecba2699a9458e3e5a1fc2abb4eaf030059e7a29

SHA256
8b716cb67eb0977ba4836373f281e5cd74c2d903c28eb66eaf755d65a2612f4a

SHA512
b935797b9d5a5777d6ea6c5eb76c86a0fcb980865e103ae342c776c1c2fe04e7ff18624b90c83ff00a2426be6c1687e833c7a8c28340ceba4150845aba80e118

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
235309015eb4fc0526dee610e10820bd

SHA1
68a3bf576f2ff5e15c143230a3c3d3061e5b2d32

SHA256
341a25f9186892271e564ea6538f89640ab73c531cd0ca606d17539d41f0cb91

SHA512
259982deea83f21a8af1ff4d96cad75fa3ec1951c360fb9f0472a6ccef82bd8098b0c29b80c38dbfeea083ab4d30f1a438e646926ec27ff8fc5df1dc1904b4dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
62e8b4a2aedc3e4cb4826402425bea4a

SHA1
bbff8f5c4ca632e105c3e36aae6d27c6cf9b0218

SHA256
e108ae35ca0554a86385a1d0caf552b2c7e0544b01417dd955bbb932adcf879f

SHA512
297c491dfa92722b7bed95be07395444dfc7f23bd01d251ed21abb19c3f5cad8536a2d33383f6ec831c2411e75bc600ca3c04e0fbc4b9d6d90fea0820dce0280

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
d8bfbbc3bf083725145e271cc854ba17

SHA1
19d3e8aae74cb076f3c1d9967faf514852fb3f30

SHA256
01eb13dbc4e236e92efe9d5aa458e948f7c079e3f154ed00bb030f03197cefb2

SHA512
a6c5d024512f1417e4bbda60a0ed8079cd69d054df5bb486002eccf6cc31bacad49869ed704f359f67e65797bca0b023abfae4f32d473a219e9bc41c6f6fb611

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b56ed008332943d8ed787c618c156162

SHA1
871207e306adc2cc2ce3302b1c7b41ec9325e471

SHA256
396d64b29541095a61ddec0fba88282ab40e1d5bd26b96866591ab961cce1da0

SHA512
3e5f6905ed4bff581af31983239a6e716af3cb3f01647d2288530c8484be7c187e39097b30e8f38a8aef3515e16404a684260bf1d35baee7324499a11d0a6efd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
00472e59a0a5c4b05bb819590d5e616b

SHA1
228691fee9009965493ad0846dffb2538b0a4050

SHA256
634f7697dbc909f1e82f59eaed1009c4f56144b8f89d7c10d0c024ae5ed1d634

SHA512
688e0055ca3f43bd908746b1c59163869c4820366b50439540ae3c7e053227642aa307e8e59307bcd222b4126b754b9101d005704f693efa8d2121ee793d6057

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
e2bf72a0db6a14a699d0d0c9adc303f4

SHA1
57a8857fc575d854d6ac9cc96753dce1decc7c06

SHA256
3a00ff090d1a2f78eb945a1de8ecde21455b0d8275b8ea8bbae0907ca617a1b0

SHA512
ef52563c854bbc5569b579649f5269be3c5d81c9702bdb724c2f45962db216e99eddcb0995e3e4b5650f7797df393ea270271e2b8989d2ecae5d4dbb79fcb314

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f502db5ffd94f5bf88a2c57d30bc5063

SHA1
959487e9b17a92d7899df914b722d61f41c1b249

SHA256
25e48d9b855e53e76af8bd1ce86241ce39610b8516179f693207e57d715c222f

SHA512
cfee1d16cf7f8bba356e3b80a63ea3a3de7c0b2629303d2e1e27b0643e884a6cc78bbd1bd3da1d568fa7ee3673d32ccdefd5fed11d85efaa92a2a3771f2d31ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
93cc8c6418b2aa10fb1d75496db07e66

SHA1
1a290ae1236c3de2ed499e97f416df4cf66d0876

SHA256
c7e2825b1aaf617e568f8efc5f1165ef38a58020f38d449147b5348642a8c066

SHA512
80f1e62b99c7562473e5bac6c5071f3f7c2d13a5a61f7085bb5b4020d2e89600a3c261b9b07d35ff04ed612d6c66abd4db03ae5192b9a1d6ed2e1bab977b5968

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1ed5b2633585d267ed43e4d3e059df2a

SHA1
f15a6bf50b5d643da55c5b4ec7fa2de251666833

SHA256
020a5c35e61ad6168f18349b8909ae56e6eb897e9cbc77bb13939932cafd3466

SHA512
d11a244e0d075211b5db01c1b3106283dc04a0a482e584891c526b30ec925dde9bc0b2a25711ee21046711b0e8082b3057bf20cc54f2a34ac6dc20dd520434ae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
2522c47f429be375defd748b75bc867b

SHA1
1090129ecc4d1fe5fe3a4ff301a7aecf8595a8f9

SHA256
12a8944370e1104c39dcc662afb0ae837edeb6325b57a3a288249d7184cd9000

SHA512
7b29232c7b5e2236610ebaf61bfab7d763e2b775d5c15df2d2e7ce2197eaef1759ef81ae43896bdc40c5460bf80a1a394f5df78e17161401764d4d6cf5a56252

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6ed655c5a37f9c5c8d606d6d091f4047

SHA1
170770778c22a2b03fd5a643b600bd9749985078

SHA256
c53759d67c18be4300704be6be6ecaebbb186599f0e4ee5c4714352c98e09237

SHA512
19800f8ee53908453b7fffa17c2e15c0ffde0fef737948c41c3eebaf3d932620b4c43f7e760a3cdf6344201e35bbeee6076263ebb2b08a5b2429cf29638d6b3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
29dc354065503bd20d24c1d370c935a4

SHA1
a62ed80e408aa372f02938c9c34ebefb9f1c4796

SHA256
012c9188f045fa0cc0a9ccc132b33bea54fe973e5817fce62169e592b2aa1c4a

SHA512
5b2209c01db35fde53eceb431430d0c37522aff97237dfc1b68a68046f1c40fef4088b443ddcbaf3bbc48bcdf416c8b817c2ef216dbef11446537ee528443f0e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3933acabcd17c72fd07f912abb3586fa

SHA1
ac0c50f783bc452b81e5133683e400f0c4ea2a88

SHA256
76daa373ae2bccba76e7d786499548de8aca53c7b966b50a8ab19159b45b493f

SHA512
fd5883df55dca04ce027fce22a07aec8d7c3a17d3cd57621b8a2e6a84a2633598379504711f21e7cb0187fc1ae261abc225e29e29b686ca8170be5694d33b924

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
6bf4cf47908a7bcd88478315049da8e9

SHA1
a46d585963c803a6f718582945eff41ec4f67f2a

SHA256
2605e09bb6f5394bf1dce08d3aed943c100c92ca71838546935107e923b84f46

SHA512
28b7c517a2cda6b4a02f60c68e3cf9ceee9bbc9c59302403a88e7eeccc44fe861e69a612c21b3e8dcfb45292472f45f57c08409c75f9868791cf0a98cafafc1e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
183c8fbe1cbd7963eef9c72a78f524c9

SHA1
95fd46dc8e4e8579f02c0d77a15ec830594c5ff1

SHA256
01b1449880b4bd576e817b961989df456113257c74b11a0ce578b480fdd70afb

SHA512
86f47a7b84eb3d0fed41a337b8ee6d53dda1a5e83472726dc83126c05cab71d23b3b6e2cbc41764d162240b39a8d50c2fee5ab0d60c18580a054d7191dd537d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
11fee858d7e0de7c5a0d61c6384ce94f

SHA1
d01b44fd9f25e444d997edee06d9077d0f6ae6b8

SHA256
2c250e265d85c74a5c8667e5ccfa44871dae80abda66348a135788142a8a6c21

SHA512
7852a9c03a2d7b9eb2946e70899ef4cb4bca287bb69c4c17554304635d49b1a9cfeb4f7980785afccf0945c22971e3b6810b2eaffddc6070548cd3e1e272b8f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
789078c7813e92a72cee030c7796b101

SHA1
d06e2f07bc99909cb0ec2d299991884cf0d9b997

SHA256
2a23c99cdd0137b1e8526389f85d7d4e99732f3db8a1006fb7a999c33cb3fc80

SHA512
c53c5ae496e802ba9a4bfa84d1494f8990eadbcb9f23742facc5edc9da2becd89578a1e7e56db9795a7b4d7717450419014df9b3d521f895921f794b9605fac6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
36d1cbc1c68b449dacf567c97d2c0dd8

SHA1
819f6569eb93f80c70dfae7329d0a23cf7310097

SHA256
399ad7b5e1a15a4ef3ad8277e0b1310955d44d43f9408b95d7039ae27d661b77

SHA512
fc7aec10a45d9f59dc0a0ba3a5cf31a74086f719c86ae833bf15d2dd88bc66d972d7ca554c9657ceec14e209e76872fed88d5cb0e33f436ca57ddc836b4e778b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
d90125d83fc55e23e7f4282776fb134c

SHA1
924d15409b705943ea78beec801524197ea40a71

SHA256
5eb2d882a401081b895331b8109b2334d20670aba56a4b0c2af660ce198bbd6d

SHA512
b2d3a57552ca7bf4b61177dcb30bf38abdb3916af9144edca882250e30860e060dd4808a8af0c8b658de871a519726f25b185a6c30ee572a5dce26917d4817bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8c666e91f62f3c7335089e8c88599dad

SHA1
26d65c2d9d8d4e226d7ae34518d350d4967de700

SHA256
2681cf75d152b80a8773d6b11a668803b50ea2d7b8309806a9aed351d59c3d68

SHA512
71ba6d569e8b3ad995d477c875b780b357cb8c4ce4380351bf76e0ae51690cf96b90b258610db97cf8bfb5b4768ff510d568f270885ea4660a9fcbfcdd2262c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
e10f471571b195e57d8af5ae655f99cd

SHA1
8a63f52310b899af08701f86de843107c51598bd

SHA256
c4071c1ffe561bfac09105a1e84a6238190c0c9faaf5a2b8e6b7ba162cb38591

SHA512
90474703ba0c9477aacd9750e9c60b80ecd7f331e8014972772d39c876fccfbb9fa183a9171cc1f0b17d0c24e987378257464c2e41ec1cfb7a14cbbf7e003197

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
c4a38db0f87a7d66188e1e2060474d9d

SHA1
1eeadd4ff42f281ad5cf3362a6a43b85962af02c

SHA256
db885ce0ba23a65fd497e8a11a63ae385f9eac843c8f5a5f837c32b8025e2606

SHA512
7652a9c3ad710304539adb589c5504cff87f227eb2646eaa63546b28646eb47cae84523f44c5104e22e426fc531dcae56bb78a6c784f15355bf1c917e971c7b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
1389745e2fbc3f7e4c9930eae03e1efa

SHA1
8edd16e0af45739f198128a77dbb8188b07753f6

SHA256
16c2ccdce5ae7759080cb4ae631005d32afd6a8a8ea7140a2bf176dccf863058

SHA512
7874227562f6b58d8ca33ecd7cb4a0020a042c870f533fed524e90a691a05a025e2c5019165b48fb1b15f37151fc6b2845a67ee66554d900282ded3f0f6f1aa5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
18c9b3672887c42aa422c42cd656b05b

SHA1
160f9fdd3240655ae5fb65feb3be01dabe77f8d0

SHA256
ea6d4cced90a2a82ee2d79f0ed9e7fb94818774ba6c0d3a75b5a0ba40a6e3178

SHA512
1c925fb147e8b8ad07c6e196f615daef788347fe0cbeec6e67fface64dd4bc5b01bacf15da7896bd8b91c8a28cbb70581cef42b2bde9cbed5d645daeba0f00f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
004d4a5110df13aac7cd7eddd309205a

SHA1
e64fe418a96554d6be4da9dc30fe48702b9dd815

SHA256
e4f6605531c97743b4bbdc3e8d8002743f5bf204ac1d84397439063fc6208fa2

SHA512
80b0d61e48c7f0e573f09062f8358b024046b030e8459df90c817ed44a2fcc4f3ee5e8295b184c4683e6c1024273320eefa3e8f76cb8f2aa0d1b614a6f4ff6f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f9d345e874d667f1079e8f65d267a4ba

SHA1
63c1b8acf2d7c08c9977f7c24da46dc7d0218c59

SHA256
4aaa1dc82068701348730e9b6837815c1515ad7bc98400590e2666523ae8af74

SHA512
7ff1f49228727ebf3d346282381ef5309efef2bf1b6e34589cc75e73bb9e95d9614f20eb752101a76c3c3ec2a30ab8d4c5c66b098cfd25457759a18389c75eec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
2629093663b046a3cf50b597ada57d62

SHA1
a0fded5297487185feb15a9f79734fcbe31f9356

SHA256
a90c3eabe4af97cac70188aa968f315f085ad0bf9976e1f5a3ec9a3f4d29bbf2

SHA512
a474ebaa3743ec515772287df10dee37ff29c5dd2a535baecd78cfb1834ff9e74eb12bfbbe7a71aac3aece26f3b96022de79104de4ab5ad7d1e84e721518afd2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6be4afc2ee374271cb49f43bea365a89

SHA1
6872b403a462931c37d5c59d07203986ba87ee16

SHA256
f0ece3c07ba2b481b4945f040be91e3d0f7777445f1a387d45792833c983b36c

SHA512
3f6243d8c8123adb16049c329aa76d097288a0112b4a07f8e1eae2a26e591986b02eabe6a16bdaab279bb0c0c5317ac02632ee84b3efb31ef925ac60ac3f246f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
0d7eb3c1da688f824897e8199f3a78ad

SHA1
b5bdf1feae0096d73d53536ac7aecfbef83e6ab2

SHA256
176f06694492dbfe861bba76f49bc52b9858e86e20b678c9230520aab009ce95

SHA512
8df800675598a4e6d7ddd1ddb45a8a1de4136cf7a75fa54ead8f7f2eda359f23ac12b5bd77d3684f0d535994d922da441389ca5bd8a83e63b9cefa57db96f9dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
ffd69f71397e1773db4a563706376793

SHA1
ded09ef4d0e2aa3927c2456e36fc0b404c37e660

SHA256
cc385a7ee96325302339311acb3b09c4a07f664ff962170a5405ee7a96305e8c

SHA512
88af0aec39c05c65e350f99427e3db632c4f99de3910ff075e530086248e994be16b1f92bc4b5953546b808e3c8f4931058fc0c6c87d77701867d90dd406552c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
b3c4419bb4b96f12e9adad481cf14c41

SHA1
9c4bca167d017c8c2a52665effaee028b723adc6

SHA256
00d9fc5daeaf321781d0fd11e8a3fb1b16a1241aeb905d04be17ad562294ee3b

SHA512
02894481f449972e0f555b8965fbd2c21f87fc854874b8f9135c2b46ba53dffc2400095c796ef80e62401d8152f9cdbfc3117bacaf780ab03c222a303ef5c2e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e831dc2b69ba6730f6455b7d56ae182f

SHA1
f0c5bb5254eeba57a1c3ef334ec5719567b3ea99

SHA256
bb56a89a10a1fa7bcbe9d8ee4b21771e35e3bd4b1ea66246772dc35494a740ad

SHA512
417fa9698bdb5656097519f5b2a649012e28fa6d469aeadcb8e784a00f7399d320b5af24dc31f77317ed6885ff519ccdb2e8e815f25b4b07c1d07979ea71be77

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
11fb8acec6694b6b80b5ec3502d2f5e4

SHA1
a1518c880350bfd839f2b797069edab69c66c120

SHA256
122f75ae986017cafebd0af5ad5b2b026586503e1d5580c2ba1382d28899c363

SHA512
5697d706e72bb0243be57cbb841e413fa99844fcbb0a1dec6fd3138c8dad88e2d92241e2c3cd12f70016bf781c478c6e76730cc7357dce6f47bfe2fc2f68d182

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
852db9768c5644e21103f7e029eff521

SHA1
4c49874b48cd292f136f249ab3369228d47c28d5

SHA256
7224b948f331b2832422468904fcf7f0a7f598520b0a159c2907ab61348f1637

SHA512
2b16d38017c8be30d0568b2e02a4ce09083d2bc0c6add30843187d0380d614c417a949755e8e719309b0662d4d02ad2dbe8ed3e094aa2f332d7ef5a87046f52f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
2c3cddde87443801017d5c402f91a89d

SHA1
68b71e77546e203eeaec7f9032b76a783daaaa38

SHA256
7bfb6096022c9e245c165f1dedb8ee0c6be49176576c828e7414a12c4dde3a63

SHA512
8c2b8cec9622d76eeafdb0d7bac59121a7620738ac022fd0d4dbd811787df7cff9a7891c6c847169a8d8298f126fa1f9d5d28a3edff1da8113f6c68cdf9344f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
11b2ce18dee764be86efea886639d5df

SHA1
6825875ec144f3034293bb757dac68b91d364456

SHA256
01ecc097d280dc0441f16011f455cb235ee366a010e344ff191bc6807fced514

SHA512
7f4fe20dd96c517d3ec90eb712518763e1f651cd2d4992d9d8559d470e766aa8df64456244f58b82fad8818086f2a8f962f7ddce99e48d3cfbdde52fbf2cc3cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
4eb33bf053b6bf751dd840fde42fbfdd

SHA1
17ced13ff68d854f0fc15c07e0e52ff2bdc25e6a

SHA256
02e39088ff00bf077052a05fd6e4bdcde44e0ce44eaff6a422234015434f3a69

SHA512
d589abffdbe078911f7cb4d064381bd12f44cfc175f6ab086be357abd4833ec66b892978e4000fb44139deb415d1804306fbf8c91d65f6efde6c94a2760a28b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
c1737e928d141e9bddc3c974f059427c

SHA1
e718e8c065761d52672f4a2b70dc852eb3ac6e56

SHA256
acaf23142748ef5602f4d6cc118f4026ef60d2bb5fd48f0576e833301e61c9e9

SHA512
69f8cf607f863eaeebf47235760db5515703936e51509ba60681566153b0204ed3f42960ef88d29aa677166be7faf15d2192a4a7c272408105c42e858882ede5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
04acdf75bd00ada6e7abfba8011a3746

SHA1
a61aa3c473dcc0c6dfa877b65610d87a86d010bf

SHA256
2535fb8b884515b6fbd65bb41d05f2695472621b405fccdd6aa67df3db57dbe3

SHA512
31ed05c4e5df999cccabbf91f0fb1ab83a932848daa9cbbc3314104bc0bdbfa2e60859bacbb3fec29cc17863eb244a82b1b94a37050aecf3c800af57cc929051

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
18e418907f35283960d9fc12c2dd8d6d

SHA1
9086a51498dda711ff8a96b32a781d41deb442e4

SHA256
e546c0e46ad8647bbafc7537ed2b3b1f50c41fcf350496954f6b472ac244cfc5

SHA512
eb1817d10defdef96b066588c32bda2e3cab0d4267028ae1f81210ab420441e5d1c7c0663af345f7b125f5cd8ae8a579e1d8f5dcd399ff394ae99e1d344df02b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8384edd6345aed41c76a8bca95e20282

SHA1
428f84ed6e3c03d8efa103c2d046e27a9b58a417

SHA256
d5cd57e26a54fdf83f57718ac80aee2bc7532034391423144e870f96d013d6c0

SHA512
febf4ba2fd08cdac02bfc00def6df89b8ff8045de10ccbc0d6b099b7028e5cb4baa6fed4e8cb39c23cbfdb2948e3fa10387c7c1c7adbdd0dcec289c34a930f9b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
a44f5cea8ef11b0691d869fbe1c807da

SHA1
5cfdf6be74ed26582eea8e92a4ff6e855102f34c

SHA256
aad2baaa186448e46adb964e8e83cdfc95454cc45f34863795949123b56eada8

SHA512
edaec2c4a4a167474eafca5182950cca3f4da87c17ad8053c24f9bd285f227a4ccb27bb0957a78265a3fb5c315148c591e02d57eb770bb49f62dc2b8825ee0ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8e21dc427907150c53ac4b73f46ce1da

SHA1
49349974dd596875701fe3441f1b0cc976a3907a

SHA256
2b4fb4fdbe2114b4e033705b696cbda115c424d703d4d97a282952b73ff2f5d7

SHA512
d836cbd02e79a8e04d7dbff9187b69608fe17b9a9384ced46e4c2212428b3198d078ddff7cf9e5a7742523eee92e5bebfeab6b37983f594fe5080852bc7cf46c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
bf7da5c826f5ff68f2957f8d53db6294

SHA1
970e4397aeaf46e9a02ddd52f016d86daf5c9717

SHA256
60c90b66bd02fa39c56ac3c6e299c297025b21e8ccad7de36f6e5c9243282dae

SHA512
5136fbbc0a8baa40816e981c7eb6b6d477874980d3d698bc27b97bc3176f0a4ad17708189b2f97414f1070b771eaa2ef4f47b02e7f1fb228b267e79c056bb81b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
3fcdfed9e10d7ceec09462c9e07a2bd0

SHA1
9e1a551db3436b36b0aca4657ba90ec475c4357b

SHA256
e7477cb499d8a6da2cc86eec0eb473fe84b789520afd4af5a166f7cf85d2cc9f

SHA512
637380bb0b8fc539fb4c87b40a395b2fb1e0aba6a7c67a925bcbed7aae270e3fbfbc9022a72d51ea8a7f996b8fcdc32ba66bf445063bdc82e72c6fe38bc7fbf2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e39253c469c031b12c787dff835a690e

SHA1
5ab250a8bfd612cf93180809794cb090c9841eee

SHA256
a7d44895497b1d2b0dd3c570d2cbcd072dbab851a0d0b5f32e2be3af3e21e2c1

SHA512
9a2a01270e0d3ee21d650a18908b9ffecdc15ca65bc96ab87352d3a0f39ab3b9acee699061c15140cfe58c7fbe307130b306cda1d66b719d128cbbcfeb8c3398

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
ad96844014488ae374a314afe4370e6f

SHA1
4e6149350407736d4ce10f19872b42ea8e8a0d21

SHA256
b3f5b8c728c1fbf2636dd560082c9185af19f47ca14d85d805f07fa687700234

SHA512
0e6d6aff7a449451ce41ae918feb14575538aa7666415ae4022190d5cb18971f597d1b7e2d90004071426322f2e1e481e885bb5a991355383286245d5a5886c4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e2e46b70d741ee23636496fda0224162

SHA1
f7789c55c37e0688a89aae22f6789e9ee8037552

SHA256
f4e356fdd27506bfcc0ab5268c5884cf68b8a56ab10233d2ddfe968090ade642

SHA512
a7913d135cfaa63089107135d887fd3fcfd47dcbd22a576469f52b3d09b3862caacf1b682e4b3261bdc922eae15a7bd911a7b3cc38647048e01d37407e1dfbc8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
18b17e46758ca6d66777af7e0894d32c

SHA1
2b7aaa558f65f058473da788c412705ac53f5a8e

SHA256
316f87c658e5fda61ed60d2db530078ba3df0fc66edb7681f18690a09e8fbb95

SHA512
b0a9a35e2e1a2f352c6f8bdd63e9f79b66008f44b6353dd3382d9f2ed6c6d778cf2193e719615b7959910d470bc445f1e5de17475a9be92ae6d1271206a29321

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b626b8b4f8816957285af8bae77c13c8

SHA1
f64a352d0a94b4e160a9b055cc37cfff699f12de

SHA256
70999460ad88529062af9f9708f19ce17d0cb6d0fa980c3cb470214181627497

SHA512
2e98c72dc729e133e23fae855a26f979b396c21cd299a04762c993825a0dd088662940dff373cdb3149d2facf67417c58ced9717ec0c993043dc430b8fee53a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1023B

MD5
91bebdea3d57bd2b3fad3e641cba6e24

SHA1
d1462a8da30f8447bbd076ba684fd1e573798721

SHA256
bdf76c2b59507965998057dabbf6052c7ffded8c7b3ba90ddb27720c82e0f6b2

SHA512
d559b1bde1fa4aac985fcd244e341edd1dedb5495144c2a6e1e5223a0a1a298574576c723d3dc45b3bf6bc2165524b52f505c76c774403719b02e79af4546eaf

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
721KB

MD5
241134c0173d4273d46f983399715d83

SHA1
78393d0db3413bd592defbffbd53ddc6eb21b619

SHA256
a05577592ef23e5a4ae9f1cdcfd97b3ecd9c24cac7e78126d921ff3cf202883b

SHA512
9d640b8386c5d10e8efbf66ebafe9df0688c365b8ebf7a57b9b2204ba149bf0ba7224a70648ffe43f67e20b3d6d3a13c6c46053166fa9480cd6700cc05b3ed77

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
memory/4768-497-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-2186-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-986-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-2658-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-7-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/4768-3104-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-6-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-5376-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-313-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-1422-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-3410-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-4686-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-498-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-1698-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-1264-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-4186-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4768-3824-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-1-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/4900-1623-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-4105-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-2101-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-491-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-2621-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-3617-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-4525-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-364-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-492-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/4900-0-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-977-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-285-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-5321-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-3275-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-1403-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-2951-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/4900-1147-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download