1c6af250f77229453db7d19ef763ef3e3deb8343f215f32a063fb1f0ee917405

Analysis

max time kernel
151s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
Size

892KB
MD5

69ccfd5795d9e3745e415d8caf93e651
SHA1

4a453a58d3400e0d5874568b0688f2ecd9750356
SHA256

1c6af250f77229453db7d19ef763ef3e3deb8343f215f32a063fb1f0ee917405
SHA512

eada8d725eb59022133030b6c02062406e3be06a137a8f3abba785cc0e6d75abd60d643d17333560965221f021b7b326eb4463c5b14e008383118584a867558a
SSDEEP

24576:TEtl9mRda1cSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvR:oEs1hz

Score

10^/10

persistence ransomware

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

HelpMe.exe69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe

Renames multiple (3566) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops startup file 3 IoCs

Processes:

69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

Processes:

HelpMe.exe

pid process

1916 HelpMe.exe

pid	process
1916	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

HelpMe.exe69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe

description	ioc	process
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\A:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\H:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\U:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\K:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\L:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\I:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\P:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\Y:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\B:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\E:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\G:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\J:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\Q:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\Z:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\M:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\R:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\T:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\V:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\W:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\N:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\O:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\S:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened (read-only)	\??\X:	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe

Drops autorun.inf file 1 TTPs 4 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

HelpMe.exe69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe

description	ioc	process
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File opened for modification	C:\AUTORUN.INF	HelpMe.exe

Drops file in System32 directory 2 IoCs

Processes:

69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exeHelpMe.exe

description	ioc	process
File created	C:\Windows\SysWOW64\HelpMe.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Drops file in Program Files directory 64 IoCs

Processes:

69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.exe.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Requests.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Contracts.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Memory.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.NETCore.App.deps.json.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\coreclr.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\UIAutomationClientSideProviders.resources.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\jce.jar.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationClientSideProviders.resources.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.StackTrace.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Loader.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.StackTrace.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-handle-l1-1-0.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Overlapped.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Xaml.resources.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Pipes.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Expressions.dll.exe	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe

description	pid	process	target process
PID 2548 wrote to memory of 1916	2548	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe	HelpMe.exe
PID 2548 wrote to memory of 1916	2548	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe	HelpMe.exe
PID 2548 wrote to memory of 1916	2548	69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe	HelpMe.exe

C:\Users\Admin\AppData\Local\Temp\69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\69ccfd5795d9e3745e415d8caf93e651_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2548

C:\Windows\SysWOW64\HelpMe.exe
C:\Windows\system32\HelpMe.exe
2⤵
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
PID:1916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4012 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:1068

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.exe
Filesize
893KB

MD5
d741ce622a91bd584aeab3307fed0bf2

SHA1
3eadd4c762aca8a3b285c8764eeaf30fad789152

SHA256
b47628a170b32dd8cc504faeda2f61dd39ce34c4a376fed7f1e7925f9d40f483

SHA512
47e5635cb4c4bcec658b8451d0540f55536c7da149e724b47c23e16fa10e167a43e764da85815ffa9b78ac1f4eb86f228aa2177caef1cbe9f110e6d06d031efe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
faac2a6bc3d68b495d7aafdb262beb54

SHA1
0c760bd228cc8b6ac18b76c062a0dfdeda8436c4

SHA256
eee0c4aae2cd44d3e48d9386c3561268b6da7c959dc7959a74fda57e692d40d5

SHA512
b620618144c1114ea24cfffda183db8d56b491378a882ba3fcc7c419d0ee7791a95626c71fe9bd39b717d02d925fb98367dbeedf1d9234975f4434a72eac3ca2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
c2b6cd4838555cd39afd5a377da93eb5

SHA1
4cd71c311d1dc94286ea9836806cee3aabf2a923

SHA256
3620f6a782658814210f39859d0f15db7374744bb53883c068c6a469ad5ac25d

SHA512
7ef4a6fc19b6c38a515f0233a70c4e88a616f1410f1059a2d0300077810b2104fe8a8f2c64ec424d5de7709d5c0d63d864a02301d610dffdfbd8ee4c7a24394f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
4cc06c8f42325f90da98ce806c902881

SHA1
3d8910120ee9e004ea38a702f38ea7aa554b3f68

SHA256
9ff38c506c340c25fd474f41d0c46315ad68ac9ea8612956d4da12366f601932

SHA512
300a316919f5449884b96d7be366bf89c5bf08f6e6af6dae55bd04d7b0ef88be1a6dc61ba3661f814250959bb0c7d5680dd69b4e969f64f1b8d4cf7f19415872

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
69e645c216094dac1e91ee11e11c8a60

SHA1
d97513826bdab4369f5173dc3a19256e46b36e74

SHA256
68a1e330c4ae27c40736b5eb0b05641e2c3e9952ba593608772f4fb2ec6e4071

SHA512
7f562d843e3e8180bd59d4765a043c7c9f3548848f1c5f1e2e762db95fdba71e6238f5f1e5d8c0bc3c4f8c48ac77ab1b7c192c91f09c4e33e615701bc3d31bda

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
3690261b2ae75e505a7cf51394d551b9

SHA1
4fde487b42bd5fcc42a4b28d63ad6929431b7eb5

SHA256
c65d9e5cd7e56f5d83e99b434a1b5d1a48c24f2f17faab41c4b3549a475420c4

SHA512
204583cc48fc07b3a9e591cbb51c83aeccf9af549bba810c70984262a4fe9acbcd275635ba03932d66879e445ae78a66cae0bf9465116cd482df140af437fd70

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a09a0e3ef21169d9673aa8c0fad336f5

SHA1
f935deb40a978c19a18e572c0777ec29da03f60c

SHA256
003b03a5c3e6e68943aa1dd75b8c03b58f93f37c19a661eeb6cb12b419338591

SHA512
f89ef57e7af740723f5e693b34b31e6ea9f765215c98b6a7bb6d3b881881d55da69f6802cd87f8eaf494aace0b1d1d4e4eda0c6c9f50404cdc2b0f54ef9c32f2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
4f4db1d8e33d8e8b516eff437854b5b4

SHA1
c076922966bbe6f4023ccf1557aef577f3089f66

SHA256
d7e5643c6b3e56b493dfcbb2d82475b79566b4c16a40a178b51e30248ed88fd9

SHA512
bf09049ea66d48616b72e4d777ee6af91967bd4ed1d4e1e75a5901456616c22f2467ff7b2e2a231097a8be0f1c3c7202ce5b8f98ea39810cc4518b9cf8577323

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
d121ff686b450bbdd860d51a6257a0f6

SHA1
6e7082ff6fe1d5e48dab6a69ad3ce517fb7636c6

SHA256
ab51991764a1ace50d55e06093b5459731cd3389207db21e79fda576a2ccdf8c

SHA512
58223cbb694f062694fb25442fe1a5bb022eac94304748436c8a2c9bfe678c60ef8148901a9b3f4a432dd946d854bbad254a79d6cc6d8dd2b0e885468401b1e9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
74f15fed003b32abfe409e6f66468a79

SHA1
0e0a19352563eae1727fb63d7768d8374fe78df0

SHA256
c4dab42b0b20fd75bdc8a10bd18b27784c2640e7f5629380f362f8211b7714fc

SHA512
a599f33bfb073d6e8d49f21d8af5bbaaddc6cebac753e069d4898892bee12b2a8755c318209cdf3055f5042905c76f966085b024ea881c5fd92cdacb121ed12a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
c27cdfc94f9c8116914e45685ebd3a11

SHA1
8440e81b3abd683ea46e50d8de0e5b960fb2e47b

SHA256
9df80c666360df72e7f139b94889bb5f0b4a36260438bc87f9a575e0d54851d4

SHA512
bdb02adfc54bb308f65cff745a855fefc194a570adfb9b8d539b89920bcea50398da7f9d15599ad1d7044c512388ae73c3ea8d621690aff909a7feb4d2dc74ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
171fe0aaf9395f78e1f5e941f9905729

SHA1
f47c0e18d4e8a36b4a5b441eea5117da240e0bc1

SHA256
0295b9dd12cc4b492e2166f5ca77f9ab72516de1bc49443fd71da5d0c18842d0

SHA512
ff75b505de5d9b9950a6e1b95d73c03ddd0414e0683da0d6d98284250573e3cd80de191ab5317c7f5c63aa9f80835768e78c03421b31cfb5bfcaf47eb3c97544

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
74a400f04dbac38cfeae4fa2ed6e3d09

SHA1
0d5b0a9186957dfeeb5c1f2e0ba09ab9b3a46460

SHA256
e429ff68bcbd70de1134f44fb05d6c8300967e0ab978da7992ae039dd2dc3fde

SHA512
ea3bfea185b14b3c95ae6c59818c20c27bc52e8bf8f83a7e7852d08404152189816bba5ac435f2ca18d5e96aff607bfcb08557370c8497b7a51b2ca5d13ee54a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
5657ae3334a9ab123fc47a9229390117

SHA1
fd14fabb5ab9c8699153cc06525051e9ff225ea1

SHA256
92c75993968da19bb768efbd9e90efd3722439d2a0336efa7e57640acf7595c4

SHA512
24ea79dfc9bd636010c034e4b2de8e33344772841959e9f55cb91c1dfbec5e7d7f3363e14837ee6af6bf11b3f91b109b9bcdc54cc71d9ea8a042c57056157734

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
3ec39fc30dc1bfcde2b13d5f92f2c583

SHA1
fbee4c6129b9813115d9ecb31f73a29bdff939cb

SHA256
4bf61b4f67760885e611dd7d7b62fb834857cefd2de42ff928b9f782eb74625e

SHA512
841a7b9987275464c627b9a76c76c0440d716032e51bb845d3701bb71671515c61145fede65bd326d1cdf09fb163a10b372a3cb44940edcab5c5f90f9682b438

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
d8a0950544896b1cde19d6091e53b9f9

SHA1
b7f69cb4ef16d283f89cd47eedbf413878ff404b

SHA256
187f2cc1a03ccd41cb74ce31c60241772d23530515734e16ac172c6a69c6c579

SHA512
05637ec1cb7f1c2d1922c1af4cfe744681547cff2180341d602ef86f9eccc739f9cbaad6df0a98507c98ecaec839556b045dee71260138933a21349d2f920722

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f58cae716d244941b88abec451440a07

SHA1
e8e904b80580bda3ff34ba546e35101cee6c7563

SHA256
efff46a41bb33db588678941e44fe4716c12d28409e96437b78fa0c3b081f7e2

SHA512
3931a8905a9d652eb79e9a255ad8afbf9f27f40fd0755db0a60ce104c197bb035197e05663240aa3ddd31493838c281ac2c575ccc7962ade474309c60c07f53d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
e4cc52adf713180c752ad3539edaceeb

SHA1
572927e78babd050bd3d2ed51ef62531ca6fb242

SHA256
6541eaf671861b9bd071d5a7f2234da0b92ef0ea65cce6cbf294e2f19e900911

SHA512
a4b6f0ff901c00c3f448501b28b35a20a7423138da30953ed326a7366f90cf11345c653133f317686f1f72de81d6193dc51b7a148cef2c889b8c0e14fbfd3096

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
43b612c8809fa7660b7c6c9f98f58916

SHA1
306bda24272f2981dac40895dbaa22df05e6d971

SHA256
305f2c586edb0f5b5b00bcf3f755592e4090814b328a3de5aa3ca942e739f998

SHA512
03ed3587c5bee6e9bee8ec0aaa38f4f96cf73885cdc8d11795076ba0c0ca2550991899035cc92d82dd25274b0519e2c19f9e7aed93e1f61b572468ad5b4e4a18

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a1072884a542a3b8571f26bdf8dce33a

SHA1
ba37b2b8ddb363ff522fb11fd3ec37e0a65662df

SHA256
81fff9aa0af32b8d5c78f112c92c2ca12c94d95d2760e0a32edf37d24519655b

SHA512
b9acd97ec8edfeed5ac95fa416daef2f3e56cdd107c63dea00664f49fd21e470ef17889defda36e8e989d8500f869d95b437b10ead9b19fc3710d5a3eecb1061

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
f04bb4e92e4f400cc92e56c9a539673e

SHA1
e56a4d527f676108db4dc4dc74b234436944193e

SHA256
f39ba03817aacb20f08f24f71273eae05f7df9539eccc2ed670a5245d55e36e2

SHA512
c38e8cac7f0c8bd2ad9ea5144ad34ff130c0132e19cf305a45bb02af40220d1c13a4d4665d653d551d0512c6a1b252f055e35c826a772eea02d5f54bf3210838

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
77ff2a6b380fb0586caf19cf5dce9894

SHA1
6545a52646fb4f9cba065b5cd12f522d5e220b8f

SHA256
71ed00671d56fc7e2112c9f9c9838701275336e07aa15021b79821c27503a74e

SHA512
5d719b6d956cee1a77c068bc212ea713ca82fe88cb85f9594b3c1388789825d3ff313f6946e63a45787922adb2600c47c8b69bb77d87802edfc9b0e9310530ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
16f165a0c5dd5d98a8a130ce1a04cc1c

SHA1
0df9c098736463a514525f75209fb2880cb5b70b

SHA256
6d618b7bc2089a56f68ae32f3dc72cb25a2ffd358ec408865805bad7e9a17aaf

SHA512
8377b4d0e350144a60836368756322c77b326ec820c852dfd31cd870ced9fa9cbe594370a8e8263aebd6dfccff5c2d073130c0e59ea2d22c26cf77fb25550b3b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
4f9fab763be720196f7d17fee25c0c81

SHA1
cd2353a1190ac21baeacd67f27306f14e2ee913c

SHA256
68ab5b1c592962fc7807f29c6a182a96684e1aa95da2eae66ebea505ea04b0e8

SHA512
0edd7bf0d932d7a2c6075e069bd9d6a15afcf98959fa65b5b84538e77eae722e375cb8361592e3ffbef021427565f66d0866cbba62916523a9b2016a675d2103

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
8bf19de35ba248175fa9e4a07a16d016

SHA1
56386dc55f1ae51c945af8468828d07d4bb67ce1

SHA256
3d4f6d1a1baf0f2510249ff99ad8e0ee1aa6ef73dba5910c9363a469cbb55061

SHA512
bb50af5a20c9620d3850701c90a3564723c4bfee650997c84403dae6fd6eca9aea59e639932b5fd0d7271f99e840a422072517bab82461f5a5235ca13c9201fc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
763ba6b878779dcc1adee4c3594bea56

SHA1
84028a4d34fc08da7f993aa596e2a5c989e10df9

SHA256
add44416e15b47761828ad11ea7af4882e488932bd2d4d95effc5c34b02bdaee

SHA512
b62ac8f618497362c5f861ba49d845755a6845afc68497e882b7eba3ec6c1ddc390a82ef6d39288a2198764ccbaf23c260064acebfed943578059d8fb2598cf6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
def90ae41318c780e02290ff80aae320

SHA1
9582bdf1f7f695ceeb70525a950db653ac7c2c0b

SHA256
398c50deeb4b9349df0e5ff5f6530eae3968f052de2a30888fc5f24d02380c55

SHA512
4a2642e4a9894fc25dd86ceb4ddcb7e3d96b15996e3c156b0140afb274bb73e4874d1e48759b8f90261c655341eb2bcb5dbab741426f6c52078b5a145a107652

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
75c89b79f81fe6c21d1655a80b782643

SHA1
2b4ee88398385a077529478436278c6f53d6d14b

SHA256
4a5937dc184111a39cf5c978acf09ca3707931794c8edf5bca146f8caed72ebf

SHA512
abb1e6ffedd5698b6ee5adeb26d15f4ec749434686b2e95fce5a1b6f0ef5f246f846b8387e374476ea68519933f9bf0938f8ba07bd4a5f5aa099f9bcf12f1159

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
afb875a82320057ff9a5d80e5637ff82

SHA1
9dab43286357c849377c24b8a8b5117d23df6aa9

SHA256
ec1281b7c340a10b18573ba2bb2858dcbf77c6d0de1cbff51ee45f3de688a08e

SHA512
f66e4e4a62208ea7bca1f4c7932087698422309e933dfa1f6faa20f22d5f1a52c0bffe0aca179a59d39c5eb7d86c48631d527ca66046270e91dda34169587097

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
ff325b91ce3a872558f477de98c8f22d

SHA1
aa1716491d57601d823fedd44fb3c1de30f8d0dc

SHA256
a5eda56af982bda567f147b18c581ffc040dcf238e5a8c65970cdf9c83e26a18

SHA512
b1b2cd5511bccbf9d05d780a8fbdcc554cccc44130ba2b27d2c3a9c3282aac6d3495f2a886c0d26f6fd1f59a1129415e4d0dad4b83ae0623db02e770ed5840c9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
534bf2cdd13ac5e062536656d4ef0012

SHA1
ac70e2f35a398c526448b6474cd5bdf53b4497e2

SHA256
c09023d0a2a597706fd32ddb50331516ac38678b93481363af6e84b5f24ae520

SHA512
1508f4ab0263ceb1730479f23173e091d16c4eefa3c4abf46e0b551378f1afff70e1b28e1f3b5329dc93a3ede3eadf662e6920b1553294e44fbc4edc531e92e7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
f8032667f0bf1cd1c9dccc4ef71d31b1

SHA1
3bb8cfd4551197875e0c760caef28c5f9d01f1de

SHA256
779e3703e9ce7207a56c2aabfd36c4c7ef63073bc2ff9a43c54a152b4f8e6adc

SHA512
d75d110c9d6461dd774d72359989d4b1095db5982453e1b83153f13ac1a20acf094eded87997398651c3b06ea89d29e62190d49f6d28e01fcc828d6986e2ef67

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
a907687228ab3a51101a062378396220

SHA1
095fe5ecd32b3d2be7d7fc5dd250f3f574c6a2f3

SHA256
44b97c030b08cf4547276660a66e8ab81ebdf87600ce1cb4f0fb606461edf22f

SHA512
1ae7caf7c481c6e0fcb4b1aa7a2a525fcc1efb922adc4229a18d8e2b050fb74726fd6cc008920c1ad0bd52771379f2b7511dd413d210da6363f16b1d2fd0bc62

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
a6f833a4994ff95557f744248b97419e

SHA1
8eaba603a7e57e53363670195f6ca7dba3c34416

SHA256
bd9093ebc4a5096ce218aa2d7610ece4f44c03486b547dba23460f79a49f9968

SHA512
41f56ecd5ac5df5061e6fe670135b6a1277c9301020f558f1fa93550ece450e337592fea777d4dd3b2e1ab2473792b7b224a68c2229959e529e86d029faebb8e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
abbd0b63c68b5760ab62a8a0474b9a05

SHA1
b6346ad68e89a08db27bb00920b718b7b6a63d6b

SHA256
da02193c124e851259a7c99b16c3b370a969a4c0a3933e63b8a34dae1d01c1da

SHA512
f792a5aa9e29aa58e148bacff184aba819397cabe19890017f1cccf264b6654419f20c4d521128759c87130aeb0e638c5b463f9299022b5b6cfe935e645014b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
586f3321731d1e6da8bcf909df9fb7f7

SHA1
7d8cae22e5f2dd8d418ebad32c1518b0c3111a61

SHA256
ace21e61b89bb165a27b849dd83c828cf356de29fbe5fda80d3f5b1969c8453d

SHA512
ae55be9e8ab036a7a9adc34826f51b79302c8949eb28ff51e6c5ee18e2a345e8f1c47b4653fddd64fda9ea818bffe9a2e7751c2e39577385683b5afcd41034a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
5bc13002b086cbdde877491555e36f2e

SHA1
176e5954b4fce9502d5a36cb36d0060790cb1a40

SHA256
caac12026d9e811d0ef77a8a64f2a82cb8bda53019ea4b2e3bedd961963a9d6b

SHA512
ab55fda5d881b80b7f0175aa8caf2179f018f244930eb8e2dbff030537c19408cb18afd951522ab7aadbd9322dd8f7490eed07ca6e18b98aa0eb3d21637f32e6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
c34ec8a475768499982b3cf24c9e9c7d

SHA1
fb5e39194442faf27b2d41a27f32cd47f0876ba6

SHA256
2e96f1578440a59e101644402cbbae862f4d0a2a3d8e183c31e90bbc8b1dc1e0

SHA512
8416c77902eec41e77ecead6be3d2315f4f6a66278dea385684ac97730766ce3d13e726dbebd4e98995d34fca21f611e3db07d234b79b3bf63c74212378f0779

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
00e8afa5b881766ae7f57cd94d5655d7

SHA1
a62e5f1b9ebae1fc63beeda7dea2ab10ab8fe56c

SHA256
90c3e6c2c5daee570c2ce6a739895f0a810d6625f45c37d41dc64fe327221d0b

SHA512
860df1701dadad92ae671269acf53ac0a6f696ad4e4a62b2a2e07f807295ed8fc19224967b51641ac7ccc4e463916b55fcc5a4721c14c27f44d34fdc14fbc11d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
9c6a2b620c197d94eb8f82ee411262ca

SHA1
11e8ddf2dd4c45fab648b204ab3d05fc6c012c1b

SHA256
30b131bc2cbf0b7bfd7101ed595c8c331b71bd190fd6397580620cdfd3b033fe

SHA512
a52dccb83fd302733d7d928105def3102a023202e1e87026411d2ddca3290d3e3cc166ab1a8c0821ebe0e8185df3f537f12be4a00cec5eaf12ac96948df940d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
9ed5bbe715a485795a01a23c247913fc

SHA1
59f698be0d1d394b5040f56c8f1a5091b944ce3d

SHA256
b62760593a9d29efeda61550135831b6fa618cf97f1da5cc61d79b9d1fe89f11

SHA512
8c35e46538ea2e917d65e19f9529d448b8640f3df1c6cdf27484c95a3c092be32077a3da0a0a1dbe74b37df0e905a918e2ca7a051ac658bf91f8c9c50c86b2f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
17e44da73a8f30952d6b53b71b541390

SHA1
4a25b137cfc3b5d507c634baf0a4da971da01993

SHA256
b64f7d52b78be584132946a5820f3017b91e1021f54dc7c93d19e17a5b942ade

SHA512
70d4b50a5910f17b5be89ae28ce662b2b15f20b93050c2f7b3124104e6be5aed6853edf1a073ab7758310c47979c563c4557d749334c69fdb5062a508c82e63b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
6edf80e14ecd1451afad0d152d4cc54c

SHA1
fd95a97b0c4707918797f6b5c2f7a6d5774c4217

SHA256
ff03e2e7b03d4f96e517b1ffdb6f341bd1cb0e2a7b081986b5e7dc81454079ac

SHA512
9d79faabd8e182f5a6e1d7a466ce5e6427c212c5d3b986da86eca510d1caa13f8513f56432106476860b77ac3484ec90bd67eda71c02447d3777ac116dd8e379

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
c61cf7eb2be623a6af696222aaaeee31

SHA1
07e914a192e4a549a7e8c4db14d7bf4c044b23ca

SHA256
b753e09fc083bb70e2d7005a9f5df0897f8113e26f0cf0f5aca205de9c8784e2

SHA512
ded1848defeb7f0832873402edef70a613f17c5446133bcc9ad4df9c89635dd51595c51e38e66d6e0904bb1fbfcb8103c7909e28d80398d27f1c35dde96be9bc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
84bb276a67083132b3afe2d11674591e

SHA1
98a060da797b466c43073e248eb597de5ba8f28e

SHA256
8d3d20ebd3bd37e5ac74de0dd39f318625ff870f992d02e11f0b98aab9b098f4

SHA512
ca04462440208624233b1771f18ae1ba255b9abe1951e81e0fbaac131328ab8a3165611692cfd420e62757dfe86fd2648360dabef3bf36aeae259d1979d9e302

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
aff0876ddd9cddcf9ac092b1651b954e

SHA1
b00a36fa49b064d5239c2abd469a40bb11d8fa61

SHA256
f9a74584fda0b4303f6ab86dfc69f57ca42e8b752d1575e033865763f7f413a1

SHA512
d9b36d1c241dce100f79e4e4957c28b6f261f3bed5fff1cac4ebad25d0e25a4e43e797ebbc8e84c01889414d9b69f382735437ee7b974f10481820ac6c289d49

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
2c79a3391f144d476c4ff4313056a952

SHA1
167ae23a1787c67a7f3bf41119c522de35a1c0cb

SHA256
a3e495ae7c482a7ba29ca2798a79a9739cc7da4b2598098481aef2ffd1fcd214

SHA512
30e5bf56fea2abfb28253be6868bc3b90f6d35ec4f894cfa21dbb7ed8acab0b9d8e91ed387115d24dba5e70df02dae4f1000198e7932cd04181975305ae8a821

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
9c5844a0b0db5bc2a69be5c5f9059a17

SHA1
823e5c43b6e14f0269d676d5d5fa5dd07dd8c2ed

SHA256
2fb14bd70c87977300dc6922c59d1dfa318fe7408e55908513620de31e7f51e5

SHA512
05c37a79776cf7e834bb868483a85537788fb45c56f3772de71f41d3a628cdd0c031cdad6deedcff8da2dda37896dee29be946e234af10f88b94bb476ecefcb0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
244bd31e2fab97a4ddb8df27bb11dec5

SHA1
548ed156def136cb8119fbeb5673bbc6855fb090

SHA256
51bedfd59ae0c189d06b3d5724c000e66a578ff110357e83e4425490bea9a8c9

SHA512
7b88607e71e299bca932ae5dc5e1c97ca2197437b096c385c4beadb90b3c8e56dc4cd3e2cd992579c05af4ea320d6486bd002abf8690624338e658a917718b18

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
1a13aa75ff19ed1ce7cc06da2e150700

SHA1
4911af0b4bdf54249a29ea7b167b6bf7b2b5b3f3

SHA256
cbaa9336f09781fc4cf35cf30a3c58bb472b4c22a1b17f5ac0fd2cbea0437c2d

SHA512
e285067c38c3dfc85bb8d18860c76f4a08e7d539750bd3fcbec1b5c4d2b6a7ce5fec9663e314107ee5fef55ac0522c82cdf86c9798fb813c41cdcebb5cbf1fd2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
edf86ba9f834146b0619e6ff0c18c0e0

SHA1
c34fae4c09b5158dae44f9eca2cf7fa7f77e0034

SHA256
128595f4c12ed0f1db70360beb0c7e950a8dd41c6d180cfe12bb7e5ef93c66bf

SHA512
ac62b962c1fd6d38a0e300782a4d239ac41f41fa6896275d6ff35f6e97fe63b7dfa124757cf4a9e727426227815cc176c08e1415fb3b9a1ec379255c4802b63c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1023B

MD5
08095e76d42dadcb73da9183e6e0eb7c

SHA1
1cf2410ad8ec326a97bf33182e61821543f1aaba

SHA256
4ee7db235196fe88429830f7929bcab9fe144d631b73a5a296dc4fa3daa7b4d2

SHA512
283f62159c9f3f9744cb925430584487a3247bbae412662110e06775883ee4a6fa0438e3ad302e417840d7f1a62037f9126e8ae19e39730351d0bcb979c302af

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Filesize
1KB

MD5
0c8597bebd1befd2b144488f8d730d5d

SHA1
8487b2673853bd7689d52064809112bbc85f3a14

SHA256
6142ea2605859044c5a96b3def87d6dd0e83327a87e1f95026f3d5f7f237461a

SHA512
83518c8b246c70a12c98c6cafb0517c9d48ef1ccb4cdc6944846d62fd70458242a072674654e9d84933c51246652664419a4c21316ca1ddf502a812e7631ed81

Download Submit
C:\Windows\SysWOW64\HelpMe.exe
Filesize
876KB

MD5
914c01e11c4bc89b8a0ced7b5523ad68

SHA1
33a5b68a34b45f2b6ee562388a1605392d2fa028

SHA256
3367ed41875dfc41e9e6db08cde1610f5217b9ec4e5a2fe787dd247e2192d1b0

SHA512
c7f6206d688b050f3412a83cf9d1522497001ca9f3a98f1f1d7a2da7d8031a83d4fbf197a68cbce27b6f9170e34d789b5b5e9ec2db305eea5849093c40c85c2f

Download Submit
F:\AUTORUN.INF
Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AUTORUN.INF.exe
Filesize
876KB

MD5
487a7bc6edf1ced366aa1a7ecb40e5c3

SHA1
5af47950152070cd9ef3e629ac1352cdffa454d0

SHA256
194f1dc9e825afbfdedc0b23d362421dfc729223bb5ce46d348ac82ddecf7c0e

SHA512
84820205a4c3adeaee0435449a1b66defd8214acc00b3327ebe903e4ee3ca6f1cdb514f3478226a9065b388d19fe487d8b71c72a6b94c4dcf13ce727faaf0a3b

Download Submit
F:\AutoRun.exe
Filesize
892KB

MD5
69ccfd5795d9e3745e415d8caf93e651

SHA1
4a453a58d3400e0d5874568b0688f2ecd9750356

SHA256
1c6af250f77229453db7d19ef763ef3e3deb8343f215f32a063fb1f0ee917405

SHA512
eada8d725eb59022133030b6c02062406e3be06a137a8f3abba785cc0e6d75abd60d643d17333560965221f021b7b326eb4463c5b14e008383118584a867558a

Download Submit
memory/1916-3203-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-6052-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-3978-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-7674-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-3444-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-4582-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-6-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-7-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/1916-6982-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-121-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-5282-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-2234-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-394-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-6527-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-1376-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1916-713-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/1916-850-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-2547-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-146-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-949-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-496-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-399-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/2548-1709-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-6695-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-5531-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-147-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-6175-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-4182-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-0-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-7159-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-8-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-3220-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-4789-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2548-1-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/2548-3695-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download