clop | 6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93

Analysis

max time kernel
151s
max time network
164s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
22-11-2022 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
Size

451KB
MD5

07bc722817c1aaaaf06a7a7f2429b7be
SHA1

fbd06cab5fd64a2095b2a0c8b559da0dbc0d98c7
SHA256

6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93
SHA512

5bf8f877022900eef17fda1ed3b5bd2d9b5939186f44e291bf53b751692f57f6138561eb90ec27bbbfb470baba6dd2b6713b79aa671cb7dc99a37d04725ce391
SSDEEP

12288:pK2mhAMJ/cPlFjVqrZAcxGBu/WLQDoGj9ZIk:I2O/GlFjYAIGBu+LQ8eL

Score

10^/10

clop persistence ransomware

Malware Config

Signatures

Clop
Ransomware discovered in early 2019 which has been actively developed since release.
ransomware clop

Executes dropped EXE 3 IoCs

pid	Process
1832	jingling.exe
384	jingling.exe
1764	jingling.exe

Loads dropped DLL 7 IoCs

pid	Process
1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
1832	jingling.exe
1832	jingling.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Windows\CurrentVersion\Run	jingling.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Windows\CurrentVersion\Run\urlspace = "C:\\Program Files (x86)\\spiritsoft\\jingling.exe -h"	jingling.exe

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\spiritsoft\谢谢.txt	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
File created	C:\Program Files (x86)\spiritsoft\JLSetup.cmd	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
File opened for modification	C:\Program Files (x86)\spiritsoft\JLSetup.cmd	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
File created	C:\Program Files (x86)\spiritsoft\jingling.exe	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
File opened for modification	C:\Program Files (x86)\spiritsoft\jingling.exe	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
File opened for modification	C:\Program Files (x86)\spiritsoft	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
File created	C:\Program Files (x86)\spiritsoft\__tmp_rar_sfx_access_check_7080573	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
File created	C:\Program Files (x86)\spiritsoft\谢谢.txt	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jingling.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	jingling.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\sportidieta.ru	jingling.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\moydom21.ru\NumberOfSubdomains = "1"	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\indimusic.tv\NumberOfSubdomains = "1"	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\indimusic.tv\ = "67"	jingling.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\vtop21.ru	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.bhaskarhindi.com\ = "29"	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "55"	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\evrookno21.ru	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\vimeo.com\NumberOfSubdomains = "1"	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\proavto21.ru	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.oneptp.com\ = "63"	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\indimusic.tv	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\oneptp.com\Total = "63"	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "185"	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\assembleiadedeus310desantamariadf.com\NumberOfSubdomains = "1"	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\evrookno21.ru\NumberOfSubdomains = "1"	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\naukateh.ru	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\oneptp.com\NumberOfSubdomains = "1"	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.oneptp.com	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\indimusic.tv\Total = "67"	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\SearchScopes	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "87"	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\vtop21.ru\NumberOfSubdomains = "1"	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\SearchScopes\Version = "1"	regedit.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\enciklopediya-tehniki.ru\NumberOfSubdomains = "1"	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "118"	jingling.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a94fb612fed801	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\evrookna-mos.ru\NumberOfSubdomains = "1"	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "217"	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\User Preferences	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = "http://www.xiuxiuw.com/?ie"	regedit.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\bhaskarhindi.com\Total = "29"	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\enciklopediya-tehniki.ru	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\yastroyu.ru	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\kuhnaidom.ru	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "150"	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	regedit.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "29"	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\bhaskarhindi.com\Total = "55"	jingling.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\naukateh.ru\NumberOfSubdomains = "1"	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\basseinfor.ru	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://www.xiuxiuw.com/?ie"	regedit.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\command	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open\command	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\shell\open\command\ = "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE http://www.xiuxiuw.com/?ie"	regedit.exe

Modifies system certificate store 2 TTPs 29 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	jingling.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	jingling.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	jingling.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 0f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee420000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 19000000010000001000000063664b080559a094d10f0a3c5f4f62900300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e309000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877620000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	jingling.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	jingling.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 04000000010000001000000091de0625abdafd32170cbb25172a84670f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee419000000010000001000000063664b080559a094d10f0a3c5f4f629020000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	jingling.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	jingling.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	jingling.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4	jingling.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf1800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	jingling.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	jingling.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	jingling.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	jingling.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	jingling.exe

Runs .reg file with regedit 1 IoCs

pid	Process
1060	regedit.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1832	jingling.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	384	jingling.exe
Token: SeIncBasePriorityPrivilege	1764	jingling.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
268	iexplore.exe

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
1832	jingling.exe
1832	jingling.exe
268	iexplore.exe
268	iexplore.exe
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE
1764	jingling.exe
1764	jingling.exe
384	jingling.exe
384	jingling.exe
384	jingling.exe
384	jingling.exe
1764	jingling.exe
1764	jingling.exe
384	jingling.exe
384	jingling.exe
1764	jingling.exe
1764	jingling.exe
1764	jingling.exe
384	jingling.exe
384	jingling.exe
1764	jingling.exe
1764	jingling.exe
1764	jingling.exe
384	jingling.exe
384	jingling.exe
1764	jingling.exe
1764	jingling.exe
384	jingling.exe
384	jingling.exe
1764	jingling.exe
1764	jingling.exe
384	jingling.exe
384	jingling.exe
384	jingling.exe
384	jingling.exe

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 1832	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	28
PID 1716 wrote to memory of 1832	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	28
PID 1716 wrote to memory of 1832	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	28
PID 1716 wrote to memory of 1832	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	28
PID 1716 wrote to memory of 1832	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	28
PID 1716 wrote to memory of 1832	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	28
PID 1716 wrote to memory of 1832	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	28
PID 1716 wrote to memory of 988	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	29
PID 1716 wrote to memory of 988	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	29
PID 1716 wrote to memory of 988	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	29
PID 1716 wrote to memory of 988	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	29
PID 1716 wrote to memory of 988	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	29
PID 1716 wrote to memory of 988	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	29
PID 1716 wrote to memory of 988	1716	6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe	29
PID 988 wrote to memory of 1060	988	cmd.exe	31
PID 988 wrote to memory of 1060	988	cmd.exe	31
PID 988 wrote to memory of 1060	988	cmd.exe	31
PID 988 wrote to memory of 1060	988	cmd.exe	31
PID 988 wrote to memory of 1060	988	cmd.exe	31
PID 988 wrote to memory of 1060	988	cmd.exe	31
PID 988 wrote to memory of 1060	988	cmd.exe	31
PID 988 wrote to memory of 268	988	cmd.exe	32
PID 988 wrote to memory of 268	988	cmd.exe	32
PID 988 wrote to memory of 268	988	cmd.exe	32
PID 988 wrote to memory of 268	988	cmd.exe	32
PID 268 wrote to memory of 1304	268	iexplore.exe	34
PID 268 wrote to memory of 1304	268	iexplore.exe	34
PID 268 wrote to memory of 1304	268	iexplore.exe	34
PID 268 wrote to memory of 1304	268	iexplore.exe	34
PID 268 wrote to memory of 1304	268	iexplore.exe	34
PID 268 wrote to memory of 1304	268	iexplore.exe	34
PID 268 wrote to memory of 1304	268	iexplore.exe	34
PID 1832 wrote to memory of 384	1832	jingling.exe	36
PID 1832 wrote to memory of 384	1832	jingling.exe	36
PID 1832 wrote to memory of 384	1832	jingling.exe	36
PID 1832 wrote to memory of 384	1832	jingling.exe	36
PID 1832 wrote to memory of 384	1832	jingling.exe	36
PID 1832 wrote to memory of 384	1832	jingling.exe	36
PID 1832 wrote to memory of 384	1832	jingling.exe	36
PID 1832 wrote to memory of 1764	1832	jingling.exe	37
PID 1832 wrote to memory of 1764	1832	jingling.exe	37
PID 1832 wrote to memory of 1764	1832	jingling.exe	37
PID 1832 wrote to memory of 1764	1832	jingling.exe	37
PID 1832 wrote to memory of 1764	1832	jingling.exe	37
PID 1832 wrote to memory of 1764	1832	jingling.exe	37
PID 1832 wrote to memory of 1764	1832	jingling.exe	37

C:\Users\Admin\AppData\Local\Temp\6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe
"C:\Users\Admin\AppData\Local\Temp\6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Program Files (x86)\spiritsoft\jingling.exe
  "C:\Program Files (x86)\spiritsoft\jingling.exe" /h /r /t /b 39810439,40471534 /VERYSILENT /SP- /NORESTART
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1832
- - C:\Program Files (x86)\spiritsoft\jingling.exe
    "C:\Program Files (x86)\spiritsoft\jingling.exe" /idx=0
    3⤵
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:384
- - C:\Program Files (x86)\spiritsoft\jingling.exe
    "C:\Program Files (x86)\spiritsoft\jingling.exe" /idx=10
    3⤵
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1764
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Program Files (x86)\spiritsoft\JLSetup.cmd" /VERYSILENT /SP- /NORESTART"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:988
- - C:\Windows\SysWOW64\regedit.exe
    REGEDIT /S "C:\Users\Admin\AppData\Local\Temp.\DefOpen.reg"
    3⤵
    - Modifies Internet Explorer settings
    - Modifies Internet Explorer start page
    - Modifies registry class
    - Runs .reg file with regedit
    PID:1060
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.xiuxiuw.com/?ie
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:268
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:268 CREDAT:275457 /prefetch:2
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1304

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\spiritsoft\JLSetup.cmd

Filesize
1KB

MD5
4b5b1c981e34ffd48312751eaed2bca4

SHA1
9387da794c7925f3fbbc43d2c70c9c8e4c91bf77

SHA256
995e45f157d2a96e6c1539885194cc9859028c77e111518f547f224f256feb3b

SHA512
bbe81ed5c07f03e84e2cb7d59f64ee83e46c9aff0b92a3977f5af495c7b854c430aa634aae16a245227fb6db77cceabe3572803cc94559b7013b31c1c7d7cfbc

Download Submit
C:\Program Files (x86)\spiritsoft\jingling.exe

Filesize
634KB

MD5
645d60825b362448151387d060593635

SHA1
c670fd72229250249d736c924a10893d8d970f2f

SHA256
0e6ab2a37f8c6486aad5caab63b4aedd6be859be47f85fc7b0951f517fe6d973

SHA512
eda2aca59d752d96696c1326dfd98cf96af201b2c3752ebcfba8ee81354d2ab36b1aa28e94782506aae6062ec21bbf6c634a376157812247086eaed4a9fcf6bb

Download Submit
C:\Program Files (x86)\spiritsoft\jingling.exe

Filesize
634KB

MD5
645d60825b362448151387d060593635

SHA1
c670fd72229250249d736c924a10893d8d970f2f

SHA256
0e6ab2a37f8c6486aad5caab63b4aedd6be859be47f85fc7b0951f517fe6d973

SHA512
eda2aca59d752d96696c1326dfd98cf96af201b2c3752ebcfba8ee81354d2ab36b1aa28e94782506aae6062ec21bbf6c634a376157812247086eaed4a9fcf6bb

Download Submit
C:\Program Files (x86)\spiritsoft\jingling.exe

Filesize
634KB

MD5
645d60825b362448151387d060593635

SHA1
c670fd72229250249d736c924a10893d8d970f2f

SHA256
0e6ab2a37f8c6486aad5caab63b4aedd6be859be47f85fc7b0951f517fe6d973

SHA512
eda2aca59d752d96696c1326dfd98cf96af201b2c3752ebcfba8ee81354d2ab36b1aa28e94782506aae6062ec21bbf6c634a376157812247086eaed4a9fcf6bb

Download Submit
C:\Program Files (x86)\spiritsoft\jingling.exe

Filesize
634KB

MD5
645d60825b362448151387d060593635

SHA1
c670fd72229250249d736c924a10893d8d970f2f

SHA256
0e6ab2a37f8c6486aad5caab63b4aedd6be859be47f85fc7b0951f517fe6d973

SHA512
eda2aca59d752d96696c1326dfd98cf96af201b2c3752ebcfba8ee81354d2ab36b1aa28e94782506aae6062ec21bbf6c634a376157812247086eaed4a9fcf6bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
ec8ff3b1ded0246437b1472c69dd1811

SHA1
d813e874c2524e3a7da6c466c67854ad16800326

SHA256
e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

SHA512
e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
c0698f6f15359b7f1c4c972f4cd242b1

SHA1
b6327cc9cf516f34996878f7d585538b6f31b405

SHA256
4f410cfba579b69f70d1a83feda01f492d2197ed257ea2ab8f0ba4f62efefe33

SHA512
89e5449562171536549ee2abd16d8f82e484bb4eb3434f13171be97b781d9b68a40c6c799744c8200840670a97c6b151bb13c95474e5ceda61fdde492238d2b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
be0ddd306e183b1e529ddfe41d60c950

SHA1
edfb69c6cc06e1ff583132755a8a2307b81df64b

SHA256
3fbf0a353999bef2bcb5e861a62bc439852a86ddc102afaff817de686b35edcb

SHA512
6c7b1cc40ef4b0c45133487538a0e8ebabe2ae80fdf4ba39098a7fa29bb2f4f87b242fb723434a82811d25e652d31655574ac239926c5a47afc43079d8820d33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
be0ddd306e183b1e529ddfe41d60c950

SHA1
edfb69c6cc06e1ff583132755a8a2307b81df64b

SHA256
3fbf0a353999bef2bcb5e861a62bc439852a86ddc102afaff817de686b35edcb

SHA512
6c7b1cc40ef4b0c45133487538a0e8ebabe2ae80fdf4ba39098a7fa29bb2f4f87b242fb723434a82811d25e652d31655574ac239926c5a47afc43079d8820d33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
cd1d3a29437ff43c17a4ebcf28ea95d3

SHA1
3cf738cf200e05cbfbb9974d1432563e7d7a211e

SHA256
223967524c9d7ecf9bc92bc5e1ef6f63610b13580f0505605941673590a8ba5e

SHA512
8fb30e4f8e7d3c7cc31fe6d2b2468c5431a8e3f767ae8cdc040236b76f0c750abbfdcbb897ce249dbe0c32899a4761a0c7ae1d821a817562bd4462dacfba937f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
27149764f2f0091401d046e45b23a9db

SHA1
6de059e79b5317123362d3f084cd9c180ed49e15

SHA256
b46ac8e031d739cf6a969908fe1d98554aaaf0ff18638202e32badbff981ace9

SHA512
6e5b16acda35a4c7d7942a4e0a126fc78f53627881ca43d2130837cc758ad3f5c26bdc66dd7876d8ac6b7b39092b22c0a6d44bff93fdd75c7474f43ef2b893e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
94a3332480cedc62e57767726b2adf6c

SHA1
e14f99bcd8cffd8fdf73fb5cb7cd734088cba6ea

SHA256
fe0b25f0cec418db64d41985cf8a5f7156891d2c80d60987777d2055703f8825

SHA512
61d6903c2f3a12d4836cf13df58997cd21e0dbe53f34a132bcbc61471eced364578120458306fe9318009194bf5a9dca335c79b14f28b313e49f8cf0d2005f25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
438B

MD5
9ca5a20aa042c2def9c090cfa88f5d86

SHA1
e67d0fbd5c0bf804cb3f87d7666d52a43e8b6157

SHA256
39932536580e1ce08cfe5966216d839dbe9c72002749d36ce43824b74970ad9c

SHA512
22f8e070b8c35d43ea71ee2dedd71a3f4e900485b9f629da21cee1e78e49454e28d8034151be53d276580a9ef1c84abeddba684f1e715c8c4b42a2c678066c13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
438B

MD5
4abd11030bd939e1c77f6415f9792401

SHA1
b3ee295ab83098a27dc32cc0d48f3f330c8ab050

SHA256
9762010d9ca5a2c9da17958a2b3b27a73121f5b19d7afcbfb28d071feb4ac317

SHA512
d89b7c9c72e24c3ec8895178aaab9634bac6af66e049802c4ea93595f45a1cbc74c02c8d91c4e723e858c3276dc89b1329def893f76ee86ffe410629c451dadf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
438B

MD5
54807f7efee5c96c8c8dfd87dfee8c3e

SHA1
21a7d0e416785130076faadfcb5ebce7b876d5ef

SHA256
8ca3293568b1d78cc5916359e93d45c6dad761484d7349f711a726cd087e1f83

SHA512
663a9e1389d8c41cdb23e300883cad6cc16b61747467f9f013b0f061c68f93083daed964019148e01ef2ebdac8a31c44f8102d312a6c6857cc811ecb442045c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5dd361fd745033b6a382186d29eed246

SHA1
f064786175408f15a4a185f858094276fe4790a7

SHA256
fa84d75c0d603716b76f96c8d161e74dff3289db4ffab9939b783efc7c74c627

SHA512
d0b62ee42fc09a4ec2bbdf9e49a2be729f43d3a1f84a8d3d67b7e0d7bc66362883d5369ca9e50f71073cef46019b884892f25ed4be62a3eecd184e63fecaab4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a520fd789ecc9ac072ad4ec790063ccd

SHA1
39f33cda908bfe484d0644db93e0038ec1355a85

SHA256
425ad43b2a1fc31ecbf4398c3fb71d3724c2d909fb20cf329aca649f65b4853f

SHA512
4e36c8c126c6c52341116e5deefaaad691f8337fb566f0d0c2697594c6dd7f1f7e4913c7e049956b63efc08d3bab338b824aa2d212baca006020419b3ffdd734

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0b936ff46f43ca4381ac02f0b166039

SHA1
ba97fa8ef1f254ae460891cba054ddfd41251fe8

SHA256
d7d7b0510312723d9b6d9eb78a77843bb6ad6449674f701c311525c81634c0d7

SHA512
22a73b7f555d19625a8a52060055553e1298bf8744c1d660d6db3c8b5089f68738b4e9592d48d138d9957dd30afded09d91fa625366e2b8b81ebe93867ea842a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
955fcf043d5050278b26fd565c6a2816

SHA1
72f4e065ec990a93bbd1fcfdd98f225a84d94c62

SHA256
8ee56a43119d931af669588ea127b7918fab42e40c655ad7f50e51c22e1afc00

SHA512
5f5e6963cac10f349c70f649757b34610724f5a94ad3e045818d3b6993e4ceebf049ff979f0acb9ad56ba561ddcf28cf906e222f1f299e9450402bd4ad0f6050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b572f0ecea37e9a8c810f6f5424025dc

SHA1
5510567339ba17d3a47434a89585df386d2b8dab

SHA256
e0a816f379dbbd95d05b30958d3e5bb101953cdde97dceb8e1f9694f72bd541a

SHA512
7cbc481f4a30925cd626c932a882cdb44ad49402ec59f962bc0b2683647d2f30fea3d16f45e587f27df6fe51122f5c534443825fe0ca588fd16477c63d9d9e76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfc322e10c704fc16f9437437d6ca42d

SHA1
be329afd3a32dd0a315e307244eff0a82dbe6511

SHA256
cb88b417e156fd6e8b4439d6c0a669b9b03b1d0d4b317a1236fdc7087ebe7982

SHA512
261581ec5b99d5a3f622597acbaeac7e9b6003c7c3f1b874d3061e93c8a257d7c160fcc58f28796cbf93c280e26259eba8921ec207f21148b9ef1656828bc139

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66abb6c78136a0613eeee1043820a53b

SHA1
55ad71ec427991d36e17552c9945b224d8ad227a

SHA256
fbd0cdf30d6245c62f31a43ce918d2806fb544922d67df351d1617b96df7feea

SHA512
bb429257a484d5737d85ec22df3f4eb41e862647d2c21416cef60b9747db3f2ad3fee08ed37c8b4720f575ea686e24c5afb90e1a15af6e53aa062ca3424bd999

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3370f730bda3ce13c472a6bac4d05939

SHA1
8bebd46ffe738f00b7f247eadbfcf639259d814d

SHA256
df2925ae9a441b6af0a9f6678af3fd7643202a1b8fa2915bc88a23096f2cb133

SHA512
2cd715b9c199c41eacc83d7a2b8518fb03dfde0b8377d8dbb38a57135fce8aa8462cc2f6c04ea4fffb38dd09f30599f793fb585b9271be23137d3199999437b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab5ba6e7e9bba10463e98d92f1d26678

SHA1
77f0c65d486c97b12c4060108a7d52903e757ed7

SHA256
826ffb42ffdec1f1b02f791d75029d027f2e1b8079ab885d56af190f6ac8cc63

SHA512
f321ae46fef30bcaff9cd3e6e2e1733f89d968a0f83f9cc94053bcc410a6da70ab8e87d674a4207ee39fb98015e0725785ec4ad558790f71e0b7bf84efbaa105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40a7fa1124472f2a73e1685bace61262

SHA1
6aa46d0f2ec2f2ef314f5699c2d5562603715314

SHA256
1c4dddf6a70b5aef4c9fc74213ab3a7c2a6378c0e251a57e80d6a6d38f11fad7

SHA512
0c2c278072bcd539ec77ce4c2ab4a048d26e425cc191911e2df57b155c73cc5368527b9ea5a29acaf80e7cb0c0a1bbb5d74febe6c5b094fb0ee65152d91c332a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
482a287734848aa039d02f6c00f50623

SHA1
2a8927eb2305e61f7c3c12792a2467a7d9ec243a

SHA256
56a8e6a80b7927c5381b8a88a79f262e59cf98db88d85a0277fe12d580826c32

SHA512
0edc68dcb6793ebb856d33131bce4a34d63458ce1aa25b13a70a4f787e8f166f1c323aab1322932a342ac4574d73ad6e3dd8e9082a6f591dfb07339fd4f81cbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b50df5fc5f852a9e5b91c5e4bc396545

SHA1
8d78328aabda14a599d0a931d0c1926c2e21d052

SHA256
3d4db023bf00cb08db0701dad408e5de552511528b98f19ab2f7bca7de4dbf1e

SHA512
c2b5fea3e4bcd40222df5c1e953494396bde7de153db60e76986fc6f5f2d87cc189ec383acee4e48df61e29012145ae642e30d6d60deb766d0e5eb8ee48e0f02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
273cf941319c970d007cfbb1f9a001df

SHA1
ee8969d0c769c54a489588a7a48f244f254c3664

SHA256
ad74a7e94ff95808dd6424d95b5b1abe41378a31fcb78b05469001a58cbfc1a5

SHA512
7a6325a72d08b3a7f3fdd1e4d1a377f05cf120abf7fc62039fcf70ebf87daa3ac848d0c503aafc99873fd1aeb65ad6dd0b17ddba1747150da21be478bef22127

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
983190963fefa4dbbd2b9270a92c4759

SHA1
66507ae56c128b9b55ddd19878a626ac165669a9

SHA256
ebd995db09231610a6afc7818ca7f3509965e7fc024a8e3f9820e0d423d349d8

SHA512
9cc3ccb16324c25192c34d03c42918c5ebc57d059bb0ca779cd4cfb3d89e3fc6109c4e08869f1c84565338aafbd968e7779179ccca81f2aacc9e6c4a75bc9197

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
949df58172f0080b188571936e3617a9

SHA1
d7246c618038ec8eca534c6d2bff228ea6807854

SHA256
862ddec789ae7e0dad155c4cbc82f177185c833b93d150f166e6c31f1e4049df

SHA512
1656b75354c622287280f007a775526c91dc705eea7018e8a22e37a312dabab8edc3ff608a1c3160438d98c2f567404bdc84454fc84aa596ad7f9453b563ed67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fee07392a67616385d342ffe6b2aac81

SHA1
88f9ca43a34da9698f26df32c51400c21648c254

SHA256
bd4646b9c0c05b3fe5cebd7c2a6b8bd4ff0b8b3db80d993366901a82c166cdeb

SHA512
09e6c1cb199eb846775715a8717696525ac5a3e61c068ac703198e3e1bb61b5809b722f021178dd803482234cd5f2240f27d4e9b987e72b010d931e97173606b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c69baf67d3d9f74c5d26b5388e73f4cc

SHA1
a7a87910edf3c70a691c5653efe832911a1bca3c

SHA256
1de3acfccd4ce5a4abd1f72db79d5c768946f82ddd1842f23ecc8efeb7690902

SHA512
8d15405e2daa90fd535f8b5236ee9454b11ef6b19b618e0f2cdc3bf2255643c6e5729ab2fae98a02706a23476b34386bdd1edcad1613fba29c6995f1c1340f25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d931a40a6055e7c94e226f9c84deb33c

SHA1
5232ab6f985a5b27752fb778758bb316e0359897

SHA256
ace1f65956004554b556fd014dae99720a48ba708c6ec8305e5ef622fa50f203

SHA512
9f2b0a8b7cd1181a39d85c0d104cabe06acd6f63ab6a01d40cfc8a6aa26eaf9b734eb33a9d6ee07e8d9e41996c278c781bfacc9a232ec94c0e7d3d4be2466fa6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64b0acbf377271fd08d86eb9aefb3a29

SHA1
6f70523e6559698b85385978324115dbaa3f9e9d

SHA256
e5741ee3a231dbed12c8b8f9315589f8146d32d6bc78adbb303ca85bfa1a8447

SHA512
644014bec09ec8b1c6e4cd0f2f3975a82d664efc332ec29d36bbfc936ccdf97295dbef67f571ba8899b342421a6aaea58bbb85190ac9985e25140270455942d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0eb88c99dc677d34a0af2a62c1a71afd

SHA1
11b17f073a66d82f20ad34c90ba8bac528c9894c

SHA256
81e772c40c1d3caa0f11d31705c61d7d809d2fcf4e28169311b4a920e306c782

SHA512
4fd4c122445703d61e2d1133e1a7408e1d561167084cb2781a0150c36c8b3f76e1abb0547c093663ca6c741d6dee84c92cffea021b08bdd5c239d61a4917c86a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47955c708d61dbeeb52cc8e155b0e4dc

SHA1
cad033bcaba8b74b7ef83a2117f0af5d6680bc9a

SHA256
83e8fd95fbafe086535507b0f8ad7cb4953664dc95850deaebeea905c158aeb0

SHA512
d349f277b699475e8abfb6f047167d1f12e64a0dc62790682f96c88ded0be1717c93cb309a4e845a4ad1410618c59bcf70654a5b7f46142eb7597f5888a05e21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6dba087b44eebda800d1af6ed518167

SHA1
873df9613ef7fed113467c908f34497b9eff8a0a

SHA256
31e2a430673bfec0029b00a2e6cdfde6a3cc4e3240cdab4e44e4510f3ff1ee6d

SHA512
cec6ed287dad6f78cd53b02201066ebdd60a112534b19f8c9d9562b9f71a071c8e2f2129d959cd5cc6f46bb75203da1826f9acf1c1ac3ff17da17b5a2d3f5964

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6448f6463de575cd72f04412b75f14e

SHA1
9d2d705bdfd8427b3d106e7ac2e24e65c21e710e

SHA256
d20a47a4239b964ec7cce5107ecd996746ba285ac88c739cb8ddb276e1767940

SHA512
bfe7b4dbce8a0dab13ea0143c04314d2375127e130af78719813334828198f0878c86eae8a3397632aa0622112465d541e9187e99555dd60403fef37e5cbb485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6ffc79076b2ee599af96661d19f1878

SHA1
42b231f0e0c5921e1494616c780ab9bb644d66b8

SHA256
ab8651b95680b91ea704acd8308cecf021c9e70873032213cd317426f013b02e

SHA512
e206025eb2e9f6ede37912aa8a20d2166c5d0f6aace087d4d66fae4af07fa19bd3a459d171f7b3add944b1c0234d2083c8809b79e577a9df14f07d1272525f89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
daf4bfc62c47c0b2c168d6d02099f023

SHA1
e92996666a657c05b9f7521e3f92d0761ca1cba3

SHA256
4ead3433689d3c3720cb2f5eccff2eea01dd65d1369370c872c2ee4c5b444005

SHA512
83502e04fff67731270d280bce74d28aa55ea62e60cc328774d1d82598dcff662641355bc7cfcd4c2453e0c0a2d4c3d564fecb0154ae62e6d9363f22e9aa4e39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e84d411ffbbfc600b14a9f9c89418360

SHA1
2333db89bd40a03e563cf229b584708238a3fb03

SHA256
9fa1d5677fe1ca798ba528d9f1e049df61a3fd87ed2f8fc57e86e094997a7d27

SHA512
2e5a9e99dd1f83f64e3d84477f28cddf16c64fcab49a4f06188c0cc098ec76cf9b8d7fcba7021db787abf705206f060f01c7f3a093a388569df8511abd2c61de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ea51e827409015ac3c60988454fd999

SHA1
df4f993e147bd7e09082afcde12654a2d023413b

SHA256
308f525b7dfa0e5fe4ebdcc445e80989198499736a790619ad5ced049d2a54c0

SHA512
00e7cc9fe6127629a2c7a5e1a4bd67451aed6bc8bdc27b1ca715d3fae83e9c6e47bef0913a3164d64fc5a3a0c31e051a0e5ceb787e680ef666d5ddf4f63aad71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50f2a4574e911b0411d369b083a2fa47

SHA1
75d6624f41a4fb273c132ae16cfb442206e2ee3c

SHA256
77ce5ab3601443cde824e6877950e7bb26008cab405b989181f193fcc9a16ea7

SHA512
55c68f9666cac65a8ab12a799ac77f15acc6586a05f4e7bc54cd0108502d68e2ac7e89896fde9387cb65ea61d3b3988af0e9f2d6a9b7f962301571265f55295e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b828b7bb219ce4fe7dae1f2058cc52f8

SHA1
c00496bbe9358f2ac8d7598dcbd9d9c911c5210e

SHA256
e21cba77c2db2d58442e776c3d9447b8617e65dd197d417111f4ff2a8943cbd7

SHA512
3afa9aaed8997845882df1b0e9c4e246377c318bee31eea8bf7df6186dae356b422031aa4310e6b955d3f607a5381b8da453e39341f1e308e8b35aaa4b989d69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cab4af53a05a9eb2c7149fed4ea27de

SHA1
78da50c5a22df60707a838f3f9b30e2b79321ed6

SHA256
3f63ff9c1bda5c60db55c65586fbd2a46686f2a01a3968cabb9b5b80c431aa6a

SHA512
f9427184ecab2b586708af064fe59b46478dee2b162023ff66e0b05dd2a65f381b185173046a10357b78b6ad14f8e7788b057727ea4c34badd0aed04fd00fe27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bc67ef80323e12709f60b2cd3b8ac20

SHA1
dadefba6691540497cde24d4c39e5be25fc0bbba

SHA256
4d1cc5e45fc9d8bd1c71eaed41edb6734e610e5621750c84d41afb8e5b2bd14a

SHA512
5f5808638dfa99593b81f1db73b40256c0078642de3723bdc0d6a42aeca05c6e46aad5a11087e35efc67eeb0bc117fd62ca998acb9f8e9b61a60e7367f813f2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0152c1e6bf7916f4dd9e2800462a47bd

SHA1
d986ba9b977e04f482433545fc4a4e1ad56cf8ab

SHA256
fd99d49c97655b80c88af4137cc4d7caff02f3d89472bd67d52b93a201b1622a

SHA512
e3b85da0a34f69a144cf29178ca4e45a1021e75965107776308e3aad4a1ecf6758a74de0586c1c7bd9cfb6ff91d9722eee2095ce9c7479c02bfc2b9055b63147

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09df985ac1e55a39e21ef952f10cbdcc

SHA1
1eb94d9900abe9277189170267cab8b29792dec6

SHA256
f0935c55613b92d097bb17dae37dc9d6e88746ccbb7fb29bc0933c8204f1eeda

SHA512
d97ca4993369c74aeeb539e5a804e15619d01335f1d9958bf19e565ab8369d24b4dd886ed51ddbd0b0dc7b78781e6895e412760e25cc9e531b9acb4a4adf68f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8439e453f69f064ae8bec82246a2311

SHA1
ada20dc71eddfb1388b779efbe085b8af8e3190e

SHA256
bbcd6156d4266f9de2133288079db9085023b8267438c6b046484775f8886252

SHA512
fa26ea73e2d36adfee23623791e9890248b98f84eb8a42e821bf3410ca9600edacd605fdec1269dc3e2aba03de28590076c102805b22dae2803bb748f85c591e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
391e7359c3f20db5f1181242bb98cc1c

SHA1
48852a3ff582bb93a0458d6a8121fd17b98d8f1c

SHA256
1fd6d052f85f950aedccc100a9654f58de82af62578cd1e3e02e2cd4e8fab09d

SHA512
183e2ca047ecdfa5ecc40e1e8ae69c9479ef5be8f82e1eaf27c09e1dd6f3a29b8aaab17322aa39cec6ce4c6242fabd86b4c4b87dfd554dfdc66c1bbc5e18ecfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bbe281209a20dcdfdbd1c84a2b10388

SHA1
cd81dd11bec16c54341b979bc98a0bf242721179

SHA256
73f2e13b777ad5b2395857a3d360b1e2b0f595943f5e09e525a0c86942a467e0

SHA512
38d5039b5912f79bbd8ccdcd1c2a8991e742e5179917034d893aa02835ddca5c350adf9b606bd552a37e35fa27e5bf92a98e58027fb9ddb469b0e5d5b910ba8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
2fd542114cd0a9376dbbc7f22196657a

SHA1
04af52dfe2996e062cde5caaa0d7b97e68c02ce9

SHA256
ce904212e57716d75c026e73fe5018c7c9a35de87b1e8a6261deae725d26c1a6

SHA512
f59feeb9179e0d381df7c9905d14b2594e7745abd3a82a1f6cbe138ff93ed66be56f8030566d440e9d276f9617cff81aef9fd6e900e81eb62f7a0fa6a96ae109

Download Submit
C:\Users\Admin\AppData\Local\Temp\DefOpen.reg

Filesize
651B

MD5
ec504f49773352959ec451170df8366e

SHA1
f04d94755b4e867346b09eea1ce1a6d249593565

SHA256
4cb9064dfc20f809ecf0a0ce3b8f8aa4b71087d345140113a44c2f19b99a471d

SHA512
90dd0d9639e4bc9b7d62173169c5acb56a5f009db05581e3ac92504fe0c3afb7a3e20cf70bea9e82e6c5934e60121fad8d7b8be5bfc709989a85dba4e28bbc4d

Download Submit
C:\Users\Admin\AppData\Roaming\Spiritsoft\urlspirit\bd.dat

Filesize
13KB

MD5
4b47cc329468a441b23bbce4f6a5d423

SHA1
37aa420c7106e668fc7527567506fce98f2c3c28

SHA256
1bbf37332af75ea682fb4523afc8e61adb22f47f2bf3a8362e310f6d33085a6e

SHA512
f3843671fe20fd39ff558fe05db9e81a0f8ea9b01b5eff1d7ec3d8d0b204d63891ec77e602aeeef94a4b2840cf0b2203952d1f2dc11af280865dd4befece8355

Download Submit
C:\Users\Admin\AppData\Roaming\Spiritsoft\urlspirit\tcfg.dat

Filesize
1KB

MD5
4dd2cf4196f898b41f5bf90d43681630

SHA1
d7bba347ddacedf7387d70cfa15f7b3e788b2307

SHA256
4544ecac7841fa425936937c4e5162d5cfa73a87a17ed2f5c2eb44534da6afe7

SHA512
e81a971d754b27f2c1f1c63471edec16b141f5800411ef53866f0f858cb28cb3eb8169ad77798ab3c09567d98f7d5c4f37eaecdaac464ebf024dfeced423e232

Download Submit
\Program Files (x86)\spiritsoft\jingling.exe

Filesize
634KB

MD5
645d60825b362448151387d060593635

SHA1
c670fd72229250249d736c924a10893d8d970f2f

SHA256
0e6ab2a37f8c6486aad5caab63b4aedd6be859be47f85fc7b0951f517fe6d973

SHA512
eda2aca59d752d96696c1326dfd98cf96af201b2c3752ebcfba8ee81354d2ab36b1aa28e94782506aae6062ec21bbf6c634a376157812247086eaed4a9fcf6bb

Download Submit
\Program Files (x86)\spiritsoft\jingling.exe

Filesize
634KB

MD5
645d60825b362448151387d060593635

SHA1
c670fd72229250249d736c924a10893d8d970f2f

SHA256
0e6ab2a37f8c6486aad5caab63b4aedd6be859be47f85fc7b0951f517fe6d973

SHA512
eda2aca59d752d96696c1326dfd98cf96af201b2c3752ebcfba8ee81354d2ab36b1aa28e94782506aae6062ec21bbf6c634a376157812247086eaed4a9fcf6bb

Download Submit
\Program Files (x86)\spiritsoft\jingling.exe

Filesize
634KB

MD5
645d60825b362448151387d060593635

SHA1
c670fd72229250249d736c924a10893d8d970f2f

SHA256
0e6ab2a37f8c6486aad5caab63b4aedd6be859be47f85fc7b0951f517fe6d973

SHA512
eda2aca59d752d96696c1326dfd98cf96af201b2c3752ebcfba8ee81354d2ab36b1aa28e94782506aae6062ec21bbf6c634a376157812247086eaed4a9fcf6bb

Download Submit
\Program Files (x86)\spiritsoft\jingling.exe

Filesize
634KB

MD5
645d60825b362448151387d060593635

SHA1
c670fd72229250249d736c924a10893d8d970f2f

SHA256
0e6ab2a37f8c6486aad5caab63b4aedd6be859be47f85fc7b0951f517fe6d973

SHA512
eda2aca59d752d96696c1326dfd98cf96af201b2c3752ebcfba8ee81354d2ab36b1aa28e94782506aae6062ec21bbf6c634a376157812247086eaed4a9fcf6bb

Download Submit
\Program Files (x86)\spiritsoft\jingling.exe

Filesize
634KB

MD5
645d60825b362448151387d060593635

SHA1
c670fd72229250249d736c924a10893d8d970f2f

SHA256
0e6ab2a37f8c6486aad5caab63b4aedd6be859be47f85fc7b0951f517fe6d973

SHA512
eda2aca59d752d96696c1326dfd98cf96af201b2c3752ebcfba8ee81354d2ab36b1aa28e94782506aae6062ec21bbf6c634a376157812247086eaed4a9fcf6bb

Download Submit
\Program Files (x86)\spiritsoft\jingling.exe

Filesize
634KB

MD5
645d60825b362448151387d060593635

SHA1
c670fd72229250249d736c924a10893d8d970f2f

SHA256
0e6ab2a37f8c6486aad5caab63b4aedd6be859be47f85fc7b0951f517fe6d973

SHA512
eda2aca59d752d96696c1326dfd98cf96af201b2c3752ebcfba8ee81354d2ab36b1aa28e94782506aae6062ec21bbf6c634a376157812247086eaed4a9fcf6bb

Download Submit
\Program Files (x86)\spiritsoft\jingling.exe

Filesize
634KB

MD5
645d60825b362448151387d060593635

SHA1
c670fd72229250249d736c924a10893d8d970f2f

SHA256
0e6ab2a37f8c6486aad5caab63b4aedd6be859be47f85fc7b0951f517fe6d973

SHA512
eda2aca59d752d96696c1326dfd98cf96af201b2c3752ebcfba8ee81354d2ab36b1aa28e94782506aae6062ec21bbf6c634a376157812247086eaed4a9fcf6bb

Download Submit
memory/1716-54-0x0000000074E01000-0x0000000074E03000-memory.dmp

Filesize
8KB

Download