Malware Analysis Report

2025-03-14 22:47

Sample ID 240406-1ml3qacf34
Target e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118
SHA256 4491e0ecd7987facb5b55715a1a20f33bc5857d394bb82d784d828309d147087
Tags bootkit discovery persistence
Score 7/10

Analysis Overview

Score 7/10

SHA256 4491e0ecd7987facb5b55715a1a20f33bc5857d394bb82d784d828309d147087

Threat Level: Shows suspicious behavior

The file e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

bootkit discovery persistence

Drops startup file

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

NSIS installer

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-04-06 21:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 21:46

Reported

2024-04-06 21:48

Platform

win7-20240221-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe"

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5D游戏大厅.lnk C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
N/A N/A C:\Program Files (x86)\5DGame\WebGame.exe N/A

Checks installed software on the system

discovery

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\5DGame\WebGame.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\5DGame\skin\default\icon_3653.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_close02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File opened for modification C:\Program Files (x86)\5DGame\我顶游戏大厅.url C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\Thumbs.db C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_more01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\skin.xml.bak C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\toolbar_bg01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_big03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\WebGame.exe C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_lt.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_rechange.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_sx.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\skin.xml C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\bg_main.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\bg_popup.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_login_bg03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_bg03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_zhaq.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_close03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_next03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_prev03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\skin.xml C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\bg_login.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_back_bg02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_kefu02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_restore03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_zhuce_bg02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_gw.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_bg_yxdt02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\5d.ico C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_qp.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_bg031.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\toolbar_nav03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_prev02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\bg_hide.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_login_bg01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_cz.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_qj.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\uninst.exe C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_bg02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\toolbar_nav02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_big01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_restore02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_back_bg03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_bottom_bg03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_shezhi.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_bg01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_small02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\bg_today.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_prev01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_yxdt.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_next01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_restore01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\skin.xml.bak C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_kfzx.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\pop_close02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_close01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_bg_yxdt01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_close03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_next02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_big02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_small01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\fancygame.ocx C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_back_bg01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F2F0427-C756-4B4A-A14D-27C2CCEEF130} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\ = "Fancy3DOCX Control" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\MiscStatus\ = "0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\FLAGS\ = "2" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\TypeLib\ = "{32B34856-4FE5-44C6-888B-3C111AB18606}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\InprocServer32\ = "C:\\PROGRA~2\\5DGame\\FANCYG~1.OCX" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\MiscStatus\1\ = "131473" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\TypeLib\ = "{32B34856-4FE5-44C6-888B-3C111AB18606}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FANCY3DOCX.Fancy3DOCXCtrl.1\ = "Fancy3DOCX Control" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\TypeLib\ = "{32B34856-4FE5-44C6-888B-3C111AB18606}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FANCY3DOCX.Fancy3DOCXCtrl.1\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\Control\ C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\MiscStatus\1 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\ = "Fancy3DOCX ActiveX Control module" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\ = "_DFancy3DOCX" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\ToolboxBitmap32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\TypeLib\ = "{32B34856-4FE5-44C6-888B-3C111AB18606}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\ = "_DFancy3DOCXEvents" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7AE7497B-CAD8-4E66-A58B-DDE9BCAF6B61} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7AE7497B-CAD8-4E66-A58B-DDE9BCAF6B61}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F2F0427-C756-4B4A-A14D-27C2CCEEF130}\ = "Fancy3DOCX Property Page" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\ToolboxBitmap32\ = "C:\\PROGRA~2\\5DGame\\FANCYG~1.OCX, 1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\Control C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\0\win32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FANCY3DOCX.Fancy3DOCXCtrl.1 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\0\win32\ = "C:\\Program Files (x86)\\5DGame\\fancygame.ocx" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\TypeLib\ = "{32B34856-4FE5-44C6-888B-3C111AB18606}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F2F0427-C756-4B4A-A14D-27C2CCEEF130}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\ProgID\ = "FANCY3DOCX.Fancy3DOCXCtrl.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7AE7497B-CAD8-4E66-A58B-DDE9BCAF6B61}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\0 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\ = "_DFancy3DOCX" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\HELPDIR\ C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\ = "_DFancy3DOCXEvents" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\5DGame\WebGame.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\5DGame\WebGame.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1972 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\setup_p45.exe
PID 1972 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\setup_p45.exe
PID 1972 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\setup_p45.exe
PID 1972 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\setup_p45.exe
PID 1972 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\setup_p45.exe
PID 1972 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\setup_p45.exe
PID 1972 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\setup_p45.exe
PID 1732 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1732 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1732 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1732 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1732 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1732 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1732 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1732 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Program Files (x86)\5DGame\WebGame.exe
PID 1732 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Program Files (x86)\5DGame\WebGame.exe
PID 1732 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Program Files (x86)\5DGame\WebGame.exe
PID 1732 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Program Files (x86)\5DGame\WebGame.exe
PID 1732 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Program Files (x86)\5DGame\WebGame.exe
PID 1732 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Program Files (x86)\5DGame\WebGame.exe
PID 1732 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe C:\Program Files (x86)\5DGame\WebGame.exe

Processes

C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\setup_p45.exe

"C:\Users\Admin\AppData\Local\Temp\setup_p45.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 "C:\Program Files (x86)\5DGame\fancygame.ocx" /s

C:\Program Files (x86)\5DGame\WebGame.exe

"C:\Program Files (x86)\5DGame\WebGame.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 count.qqkuyou.cn udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp


C:\Program Files (x86)\5DGame\skin\default\btn_kefu02.png

MD5 3e7f3bac1531e4ea3b1a8a2933c58e11
SHA1 0a40955bf64bf06f01713206cb5a5f96bffaf9e7
SHA256 46ac63ee266d74043cf506c87a94c943aea5c0c91a2a8093a7fc7338db0092a2
SHA512 e3bc726b0272cdf61cec6315f68ab5f448437ad9f2b15802f37fbc4efeecb4a49b8598799dfe92d2c0908ea3ce0f6c439bf0dbe9a12325839eff780f0aec6d2f

C:\Program Files (x86)\5DGame\skin\default\icon_kfzx.png

MD5 60cb207eeb68e650d13b7a91a84e6a27
SHA1 7b21d001b69ff7b83383aa66b5826af8449c004b
SHA256 e1e67ccf204a5cb3d38d3c21359f4227201c033a002cf8ba986f56deffa9d9c9
SHA512 2e35b0cfbf04809e49331518f6f5f074dbe84ddc0566045ef138ec5444d4c9c09a02aa7b5d5d5b29c81ca0b261dd5e98439f25e017591c61a06857d5e68c13ef

C:\Program Files (x86)\5DGame\skin\default\top_prev03.png

MD5 76eec3e4fd42fc648d11741c757d0a97
SHA1 b1e9a0e0fa172ba546c0d36acca6bf5096d6c97d
SHA256 088e70bf38c3c9f2d1d8ca87804c196457702e86709a1dc8a74713e641ee9f97
SHA512 4ee2d93ed878305344b7eecc1feb6f5d0bac4e6d98dd172c4c5b7db08f284e7f438e3ec01207ce3da780d6c1cc1c94550b7f9ccd69cefa8e1aac0d4826e6cd1c

C:\Program Files (x86)\5DGame\skin\default\top_prev01.png

MD5 827b802f581b35adb607620d59ec72a4
SHA1 3436d352a88690f354c20c9acde95b382458fd3e
SHA256 6282974d5192a6f8d986ffc2cb7cbcb8a480649a7e261d4e146b57d3596fbbfc
SHA512 00568bb17d8b72ef517822cee645faab3bc50a7e8902c66a0ac8cbb705a9c9d3d4db5df4e9c1ec6dcea649e5306afc0f6965f048eaf5e8fc414ecb24700b2b49

C:\Program Files (x86)\5DGame\skin\default\top_next03.png

MD5 edb2d521e3c14f8309d63359f578cc60
SHA1 4f6cab5524bcfb1fe5477d53d219a9adf0258b3c
SHA256 dd3c9515bcea5ef723a6375747acaafeb434859e586b5b7a72ed813dd3b90d96
SHA512 9997434c16df396a27b947b61de4476b608a32ed31073bbb85398d9661a6224ac19be1c65ff7b044501c12b00595c04fca589d30159af80f0c6886b1619bb9a9

C:\Program Files (x86)\5DGame\skin\default\top_next01.png

MD5 4a58af71b4e8491aebc496ed04ce5b79
SHA1 0b60f0ac2d37157573e0b734ce6e986e7f2bd406
SHA256 4667a695aa09d56c87d8e1d34dd32338c4a910c0560cd67f4a094d3ddbb3abb9
SHA512 faefeb1257b0fec4eab9f73314124dd69d2059a95c8f426825784ad591e43c0f73ed8fd2b90a5915f17f971a60b04240206087f9325780c42d33dce3f6564bb7

C:\Program Files (x86)\5DGame\skin\default\icon_yxdt.png

MD5 4cc83055491dd2b98795dfb9bdbbf60c
SHA1 a15594379994e2cd7fc692ced43bf26ff29d84e3
SHA256 9beb49dd628d9a140d4469941b481ee95061a70663398c6e2a0f0feb7a38b3ba
SHA512 f2ec10c1b67c9e8dda820099e10b6a9509aaccf110497b80b8d0201d64b735f16122ddf7463767b0514bb2736e80b72e8f231bb81a389232feeca7ee6242ae15

C:\Program Files (x86)\5DGame\skin\default\nav_bg02.png

MD5 75074fca52eef6d840eb9e41c2779dbe
SHA1 cb603147cb4570b7bb4cf9fee2d3d799b161c59a
SHA256 070de1c6ba4613714b6978b6c148383abccc8341c84b5dac78cd4d8fff49216e
SHA512 821aefcae6ed650187481bb09fd23421c53ef83249039ee51f4ec5cf4b6552ddd12ff7ef92112355c7f0461e1083488cf5508eda8c047d687ba501be7863d6ec

C:\Program Files (x86)\5DGame\skin\default\nav_bg01.png

MD5 ca44b23bf0012cc0a7e349a16636ae57
SHA1 55c066af9ac08d39907bc8d312e073de00dd1bf8
SHA256 382c115367b8e47e0a085f45c192fdc46e68cbec2d082509dc32f701ac312a95
SHA512 f2d1d867e1c3981495bdc0a47bbbc0826ef37929dd881657b6230bb6ebad264d08d3e8664747f3432768132ca42a585cffcdc4baa4dde93356bf0cd504be0980

C:\Program Files (x86)\5DGame\skin\default\top_restore03.png

MD5 f4cf01f92b1078fbb4a8b74f8f9d4da8
SHA1 0e0fdee8eb818679593cb5e5cbd485e784025f9f
SHA256 a07fcd00ffba3c6d41d28c20f21e9603d22b5e963d107c330e4b2cb5a4d32f8a
SHA512 e29a87eb394a69511db18064e37853aef4ff02144e89eee495ffe6061a62513472891d4784cc8abcf4b7c9f26ab984350d603a9ae147775ed8a8d74c9051f844

C:\Program Files (x86)\5DGame\skin\default\top_restore01.png

MD5 56690eec0ac3b891f95bac19db3b244b
SHA1 82ff06f617ba3c1da2a819067c93744dda481e59
SHA256 87522a413f0e13e9d142aa0611af17ef144bd869e9f987a1766f9e8f18b8e98d
SHA512 8c92a1f125a22ac5400e115754267da5262a8f59c935e54e729fe74c0539fd1af522c5dfaafb13fbc4d5428b1245949174fc9fd8554a9c9b5ac978e62229f289

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 21:46

Reported

2024-04-06 21:48

Platform

win10v2004-20240226-en

Max time kernel

115s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe"

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5DÓÎÏ·´óÌü.lnk C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
N/A N/A C:\Program Files (x86)\5DGame\WebGame.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Checks installed software on the system

discovery

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\5DGame\WebGame.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\5DGame\skin\default\icon_rechange.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_close01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_close02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_small01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\tj.ico C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\bg_today.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_more01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_zhuce_bg03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_zhuce_bg02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_close01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\uninst.exe C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_sx.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_close02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\toolbar_nav03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\bg_login.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_bottom_bg02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_gdyx.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_bg_yxdt02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\pop_close02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\skin.xml.bak C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_next01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\5d.ico C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\Thumbs.db C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_kefu03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_qj.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_cz.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\skin.xml C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_close03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_next03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_restore02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_back_bg01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_bottom_bg03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_more03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_small03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\¸´¼þ skin.xml C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_back_bg03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_zhuce_bg01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\pop_close01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_back_bg02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_kefu02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_3653.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_prev01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\WebGame.exe C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\skin.xml C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\skin.xml.bak C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\bg_popup.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_big01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_prev03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\fancygame.ocx C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_bg031.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_bg04.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\nav_bg_yxdt01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File opened for modification C:\Program Files (x86)\5DGame\ÎÒ¶¥ÓÎÏ·´óÌü.url C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_zhaq.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_prev02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_small02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_login_bg02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\btn_more02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\icon_ht.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\toolbar_nav02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_big02.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_restore01.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\top_restore03.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A
File created C:\Program Files (x86)\5DGame\skin\default\bg_hide.png C:\Users\Admin\AppData\Local\Temp\setup_p45.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\0\win32\ = "C:\\Program Files (x86)\\5DGame\\fancygame.ocx" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FANCY3DOCX.Fancy3DOCXCtrl.1\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\ = "Fancy3DOCX Control" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7AE7497B-CAD8-4E66-A58B-DDE9BCAF6B61} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\0\win32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\ = "_DFancy3DOCX" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FANCY3DOCX.Fancy3DOCXCtrl.1\CLSID\ = "{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\MiscStatus\ = "0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\ = "_DFancy3DOCXEvents" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F2F0427-C756-4B4A-A14D-27C2CCEEF130} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\ProgID\ = "FANCY3DOCX.Fancy3DOCXCtrl.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\ = "_DFancy3DOCXEvents" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\ToolboxBitmap32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\ = "_DFancy3DOCX" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F2F0427-C756-4B4A-A14D-27C2CCEEF130}\ = "Fancy3DOCX Property Page" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\MiscStatus\1\ = "131473" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\FLAGS\ = "2" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\TypeLib\ = "{32B34856-4FE5-44C6-888B-3C111AB18606}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\Control C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\HELPDIR C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\TypeLib\ = "{32B34856-4FE5-44C6-888B-3C111AB18606}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\Version\ = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FANCY3DOCX.Fancy3DOCXCtrl.1\ = "Fancy3DOCX Control" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\ = "Fancy3DOCX ActiveX Control module" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\TypeLib\ = "{32B34856-4FE5-44C6-888B-3C111AB18606}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7AE7497B-CAD8-4E66-A58B-DDE9BCAF6B61}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\0 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F2F0427-C756-4B4A-A14D-27C2CCEEF130}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\Control\ C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7AE7497B-CAD8-4E66-A58B-DDE9BCAF6B61}\Implemented Categories C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7AE7497B-CAD8-4E66-A58B-DDE9BCAF6B61}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CF31DA5-B148-4811-A05C-2B0378D39626}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FANCY3DOCX.Fancy3DOCXCtrl.1 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\ToolboxBitmap32\ = "C:\\PROGRA~2\\5DGame\\FANCYG~1.OCX, 1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B2E8D85E-C0C5-48DF-8DBC-1359B339AE32}\InprocServer32\ = "C:\\PROGRA~2\\5DGame\\FANCYG~1.OCX" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{32B34856-4FE5-44C6-888B-3C111AB18606}\1.0\HELPDIR\ C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D490692-7713-45BA-BCCE-F18E84A4BAE1}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\5DGame\WebGame.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\5DGame\WebGame.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e35a8f9ed9193df42b92ab4f79930236_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\setup_p45.exe

"C:\Users\Admin\AppData\Local\Temp\setup_p45.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 "C:\Program Files (x86)\5DGame\fancygame.ocx" /s

C:\Program Files (x86)\5DGame\WebGame.exe

"C:\Program Files (x86)\5DGame\WebGame.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3816 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 count.qqkuyou.cn udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
GB 142.250.187.234:443 tcp
US 8.8.8.8:53 server.3653.com udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp
US 8.8.8.8:53 server.3653.com udp

Files

C:\Users\Admin\AppData\Local\Temp\setup_p45.exe

MD5 9ec7937f0194e53983ac0aa855f29e6b
SHA1 19684aebe8c2778fa621d66080045e6e378d06f3
SHA256 886560bb548a862063871efa4f375438b86031a462fce40d4315a42932ed59d4
SHA512 4ccf8902e90af04e6003433d92f3d850f7e45f04f0a6859c5587c2a26e812a446ce7a1957c83b911e1511ac8730f8d272ee11372198c31825afa5ada47a27f96

C:\Users\Admin\AppData\Local\Temp\nse6A26.tmp\System.dll

MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

C:\Program Files (x86)\5DGame\WebGame.exe

MD5 6dfc60662d6f059d8a3e360f8ddebe67
SHA1 f1b47a9ea5be5dcf859cde62080ddf53b211242a
SHA256 b4f12dd0ca1d0ba716f19a92d66b7f26487d275aeb436f37595b60012d2f5b11
SHA512 ce7c13e54c2eafac7c5a82d6b7781bb18c3baa3885eb861f7b28ea5edc832540b200e09e3c4d7462ce4619a0d663ab2fc0e8eb41cf7397ff12b4455974593d94

C:\Program Files (x86)\5DGame\fancygame.ocx

MD5 5ca1ca33127d71eff439da94fb116682
SHA1 a445847bb60ac03a6e5165893051bdf486dd6a7f
SHA256 6381e0e596d366141028771f63726200235e27ea9ed2267671f50319144cebd2
SHA512 36d1b7ceac1ed42e316a34d6f58ce1523d5a66feb809aaf1ea7c51ad3822ea4de6775cbad0da53afb8d8548ca4cfa86333254e3e5c357334f5fe3b792f19ce1f

C:\Program Files (x86)\5DGame\skin\default\skin.xml

MD5 41081872767f9350b75d5cda17fbeab3
SHA1 a92b0212fef427ab6b3b1a3098cd19355fc8efa1
SHA256 6c8903347071e20c3e66f52994fa7fac7bfc7f6b703f57b15808bda0290ea598
SHA512 c91ef07bb95540d57c16a7a9eb46c7785f2a292e0673f7202ac1873a5075ca2db48ed32a9c052b49899330cf62e34e48537565ead1aa5c8ddb170c2c3a1f3b4d

C:\Program Files (x86)\5DGame\skin\default\bg_main.png

MD5 8989ed5d6354f7b864498b5b2eaa2223
SHA1 cc554ffe2a7e726a732f2196ac13209487d3c81c
SHA256 c65b7045b0ea0ad944e5188f8924a411156c0c8631cad06c51c38aa37eaa1fe8
SHA512 0af49646eb077c80901b5021c261b3f1c91f2d178a04c1778b47a50c35c8e00c7eaa93ed54e8e0412d14dc2d03d95d092e13a7538616fe9eb5383d8a99e2e187

C:\Program Files (x86)\5DGame\skin\default\top_small01.png

MD5 1d210d606cf7600801718943d807f753
SHA1 1d0cc736f026b1e21df99975d2fa1579c7a2fddf
SHA256 24b32a228886e034ac856ec0fe7fa6af7836640b65fb39cc2adfecf2dff0a2cf
SHA512 951b652a77690cd310d9e5c6bb9997f53a61ef3c39d7946fe66b888145385c43e9dd8a322b76e3c1e8a8160f8f93207cf7fb8cedb930edd92e979e16f4ec4a1f

C:\Program Files (x86)\5DGame\skin\default\top_big02.png

MD5 8cd3d38d4a5faa4bf05a231785019b76
SHA1 37642cfaa3ca2e878aff48807c36547792560599
SHA256 de6a18c601197e2d9d782afd54159363cdb632707004fe04a0c78ea49d2bbdc8
SHA512 51f03a25e85188b7f49901efcb3c79ba0a2fa6030a8986cf33a8042d441366a337600358e601aa64738ac26cc054bd53fb1660230970dcc48c782241f0fa1115

C:\Program Files (x86)\5DGame\skin\default\toolbar_bg01.png

MD5 81fc6157b1c5cc30d797c308f56262b7
SHA1 a87fcc8d8fd7c27d50eb46cd66021bcafc7de4a5
SHA256 9af6bb513f42134609345cc7415ec76a630c24387ef51a491fe097489643fd12
SHA512 5e6b2693c7e01c4a4ee9b7b3e22f472fa82eccbd340e8becea217186d05cb7fc964da9b5ebb5299f5f1a8bee24fe9a8a1fab385a27e0aa8b37c47565fa8e0739

C:\Program Files (x86)\5DGame\skin\default\top_close03.png

MD5 f1e3b569de59076556536310b1c7d1f9
SHA1 e7584b2c9fddf7c172ec1080a099d88f4edcfa0c
SHA256 aba101911720f563f66ec82be44b1b58c6ed741e9cc6363a6b976f2b9a2e843f
SHA512 b043305c8f3617f1a872519a57f1490dfb64fda9f1c7dc75d3ac39fe8e19f8d5ceaeba2393ba0b5867ad9308d8873dde0336487eb94bbd8183979761028e12f2

C:\Program Files (x86)\5DGame\skin\default\top_close01.png

MD5 db079579946e34c14e3b7e0888172002
SHA1 aa7f1f80fbc3462d3dc83b14a833d5cd7be4beb1
SHA256 0027a0096f9c9ef50166e4e249d80f1ab11364bf0602c024ed7d851c6772a758
SHA512 da9f733254f9bc8527dcceb1e34b9b558dc0c7742f0cd4a0b6c69e0634e850aa20ea32308077122462dd063e66391e4e01d994b8ed19f15ab6dd39f632e16a7d

C:\Program Files (x86)\5DGame\skin\default\top_big01.png

MD5 d75c56ff2b41fecbe9c4616ddedc2623
SHA1 e7bae4b0348d2eab892a0c1d8d09279c3e4abb9d
SHA256 ff4de8e566cf49a319aee795f295d3d5f042e813c42c559bfff48233cc6f10ea
SHA512 02a0a07c1068163a20fcafeb88e463dc426f6c8371b1f65acfe3a73e89573bfdcc7a592a63404cdfbdbf876e32ce0a679317135d862703e4942ca9eefa7a3d89

C:\Program Files (x86)\5DGame\skin\default\top_small02.png

MD5 88be351cd6521b336f9ad4365bf59d55
SHA1 81549e1de2de29bf308eb8f2937d024da7e4cdd0
SHA256 4527281a721855a9e5434bd8d1a942f5c97b99d93e0b9155489a907df5cefd25
SHA512 fa12a25cf2bdd12d2ac1806fe7506e541b21b91a8d3463b95122451f209fe2ad7ed205cae228989cd5232c280137aa2051f156f1c42e40f1e350d6ae95aeee27

C:\Program Files (x86)\5DGame\skin\default\toolbar_nav03.png

MD5 0361fd5cd757222c4952268e4c74ab9e
SHA1 1a5449d580f5391ff70e8f4ffc0dbb463f49237b
SHA256 0413da48754dd71e456abfd8a01aeb0d4fdae938cca5e57df4dc71ff01d7ac6e
SHA512 5c775796129de3d49ddce6b93731c9247155ecc961280e5c8ceaf2f4f6709e08a645a53c667c5f2c43417b9edf7bb2b6c69f7b1045f4e3bda7cfb7a405c8ccac

C:\Program Files (x86)\5DGame\skin\default\top_next03.png

MD5 edb2d521e3c14f8309d63359f578cc60
SHA1 4f6cab5524bcfb1fe5477d53d219a9adf0258b3c
SHA256 dd3c9515bcea5ef723a6375747acaafeb434859e586b5b7a72ed813dd3b90d96
SHA512 9997434c16df396a27b947b61de4476b608a32ed31073bbb85398d9661a6224ac19be1c65ff7b044501c12b00595c04fca589d30159af80f0c6886b1619bb9a9

C:\Program Files (x86)\5DGame\skin\default\top_next01.png

MD5 4a58af71b4e8491aebc496ed04ce5b79
SHA1 0b60f0ac2d37157573e0b734ce6e986e7f2bd406
SHA256 4667a695aa09d56c87d8e1d34dd32338c4a910c0560cd67f4a094d3ddbb3abb9
SHA512 faefeb1257b0fec4eab9f73314124dd69d2059a95c8f426825784ad591e43c0f73ed8fd2b90a5915f17f971a60b04240206087f9325780c42d33dce3f6564bb7

C:\Program Files (x86)\5DGame\skin\default\top_prev03.png

MD5 76eec3e4fd42fc648d11741c757d0a97
SHA1 b1e9a0e0fa172ba546c0d36acca6bf5096d6c97d
SHA256 088e70bf38c3c9f2d1d8ca87804c196457702e86709a1dc8a74713e641ee9f97
SHA512 4ee2d93ed878305344b7eecc1feb6f5d0bac4e6d98dd172c4c5b7db08f284e7f438e3ec01207ce3da780d6c1cc1c94550b7f9ccd69cefa8e1aac0d4826e6cd1c

C:\Program Files (x86)\5DGame\skin\default\top_prev01.png

MD5 827b802f581b35adb607620d59ec72a4
SHA1 3436d352a88690f354c20c9acde95b382458fd3e
SHA256 6282974d5192a6f8d986ffc2cb7cbcb8a480649a7e261d4e146b57d3596fbbfc
SHA512 00568bb17d8b72ef517822cee645faab3bc50a7e8902c66a0ac8cbb705a9c9d3d4db5df4e9c1ec6dcea649e5306afc0f6965f048eaf5e8fc414ecb24700b2b49

C:\Program Files (x86)\5DGame\skin\default\btn_more03.png

MD5 e364fdf4f45864a73def205611d031cc
SHA1 913a98cd5ad74f80b84ca5356ffac0c2d028396f
SHA256 224e56237f58e5c2ceb7ecd0d4e22bc3d400fab37293faca62a280cb79d8b9b7
SHA512 55d2fb69d3007f38cc4e945ea692123f1fe63b4858645fb428a602ffb0df08193035a84c10de2dfbc014a83ef7b4b3b8cf3e42c34c686aad1106391e70901858

C:\Program Files (x86)\5DGame\skin\default\btn_more02.png

MD5 0604efc23a41c93e9c99683ff09c7cf2
SHA1 424ed08c3d29de661e777be52eed4c627eb5cad0
SHA256 ba2e5a4a42ca6aa57a76dbd6832fb4a86986927050712aa14318fed57a93dc48
SHA512 50c70b45fd348bd4d4f697212044cb23841d384edc5fcf63eea69467777545d51dcdae4236a65abc7a808f7d71592aa4a6988fb5913d7c40c65a360932969767

C:\Program Files (x86)\5DGame\skin\default\btn_more01.png

MD5 8f439b42bf3354063bcb52e890cb4c65
SHA1 94a690dee5b863bd77a5e9d6685b5b2933b449c9
SHA256 2dfd17918d8e4ef94ceac0ac21c1cd619cf9c56afb221faf40736b3f96bfb050
SHA512 bf59a3c46b5ed58a501d9e613daf97467a3627852a2e5add5cbc7276a5e530cf3e2052cd4df06c79ed41051a0231990c3d877ccea46591f5f4c1039a23c2caac

C:\Program Files (x86)\5DGame\skin\default\icon_gdyx.png

MD5 dc176b3fdf7f073b7f23ef1179c8cfb9
SHA1 aa38ffe6857f46df7342dff28707e9ce75e67b19
SHA256 3b4244e51c1fd29b573af6aeacf0aa8399480b1f407c426bef1e0a70602fe57b
SHA512 e256502be6c5d27f3a62b7a3520fb9044f6177743c7cfd97dd91cc6cb7b778ddf68212c3d630676a74d6fbb4a573bd32b88f208452a36f486680044f43747abd

C:\Program Files (x86)\5DGame\skin\default\btn_kefu03.png

MD5 f507fedcc95f7767709973b51e9790df
SHA1 296eef2e57be7af71c5ca4a015d84857c82d7f9f
SHA256 86b25f8662f517e3675e06ade5f6b46fc8eee87dd8d4ba827d04f3413dd9b0d0
SHA512 a92a3ed6f752685a457835f416f6291625db17e2dabbe0f4c9a2b6329c0be026306f90bae2ccddf2fce22b873fbb49147f742e15987d369eb0df605ee1cd1f8a

C:\Program Files (x86)\5DGame\skin\default\btn_kefu02.png

MD5 3e7f3bac1531e4ea3b1a8a2933c58e11
SHA1 0a40955bf64bf06f01713206cb5a5f96bffaf9e7
SHA256 46ac63ee266d74043cf506c87a94c943aea5c0c91a2a8093a7fc7338db0092a2
SHA512 e3bc726b0272cdf61cec6315f68ab5f448437ad9f2b15802f37fbc4efeecb4a49b8598799dfe92d2c0908ea3ce0f6c439bf0dbe9a12325839eff780f0aec6d2f

C:\Program Files (x86)\5DGame\skin\default\icon_kfzx.png

MD5 60cb207eeb68e650d13b7a91a84e6a27
SHA1 7b21d001b69ff7b83383aa66b5826af8449c004b
SHA256 e1e67ccf204a5cb3d38d3c21359f4227201c033a002cf8ba986f56deffa9d9c9
SHA512 2e35b0cfbf04809e49331518f6f5f074dbe84ddc0566045ef138ec5444d4c9c09a02aa7b5d5d5b29c81ca0b261dd5e98439f25e017591c61a06857d5e68c13ef

C:\Program Files (x86)\5DGame\skin\default\icon_qj.png

MD5 4a537631bc45b0bf36605320be8fb07a
SHA1 56960fa2b3bf05a5530829e74f869d666c0d9db3
SHA256 ce1763c5e5c804b9f7afa5cd6bdc105930479430009078c1b36dda0275281872
SHA512 0162ed23af41df0c47dded7713fc3c69c8124b2019aa8452250a0ce41b07bc152f2051a8d799d5a988a0a0ca2d4b4eda66a26dc6f052c8517caa6ddacfd86ce8

C:\Program Files (x86)\5DGame\skin\default\icon_ht.png

MD5 8be49f05a95a09d83a470baf6383559e
SHA1 f59cddb1806f0534787c452571ca7c089da0b9ab
SHA256 5594fafce7821a8c641ca446409c9e05e231a3132b0d21b6ea9390ad90004b5c
SHA512 57757d15f3bdfe431f9e0676c3258d9ec5b31c38977b2e842e4d2b62ffbbff037c064009f909e012fcde9721a1c0c033d4c476ccac4c75da879200212325dcf0

C:\Program Files (x86)\5DGame\skin\default\icon_gw.png

MD5 0d5d1091742cc0e5de1de541ed4cb0bf
SHA1 d14e18d41e15c401618e56832a9622f0095aae86
SHA256 cc22891c5b55fae6166c8e888361ff59605c955a68cf47d0e323d6110ed121ce
SHA512 54d559b6c90f4b1b5913dfb56c7080838446fe4633bbe07618f496b34ea1fa9d1b680bf9600a547f3a584a08b5df4e5aead49139b6d2419c9f492ba2d8d4f58e

C:\Program Files (x86)\5DGame\skin\default\icon_cz.png

MD5 c0ad1cb9f09ce403fdc01df6ede3cbaa
SHA1 a2f0f03cfd9c29f8c97181eabfd51cc88d9f7844
SHA256 47f66084dc0e69201dfdddb5c364dd06b9e4f965bbd8fe0c249c5c12145a703f
SHA512 162b5f946ba05334be0a5b9c641ecb0301d6825074f55e93b0ce618e1cfda71ef33e4f4c3511b48bfe9a0fda4858ae8249ea41528ec5980c3486c8c6a0c12a37

C:\Program Files (x86)\5DGame\skin\default\icon_lt.png

MD5 233972770a2fd0c908e71342878be91d
SHA1 36510a70dd0f6efaad7d421cea474162053c4af5
SHA256 fa37413581a89d1cf0b2498fc6ef764fcab5b8913e9e03d25629da3b776b05c5
SHA512 d76766c32b52e03da114faeb83e962a47f30a01af7aec5b446af52b6b53b7a2074bf66e16ab3b3b76f8c79bf437e230e94f9a9dac865d036579907251797775b

C:\Program Files (x86)\5DGame\skin\default\icon_qp.png

MD5 4c80b8ee1f564acbd57f878bd2b158b0
SHA1 d9ac861f647d0f088f250ebde75714958f7662e8
SHA256 35d5045234b90aac968eec6cd7c77d5043b113c71012f38cc742ccaf8771ea54
SHA512 35f62e473d02a10af4e95f1a3a0b8f37c2aa438763a166ecdc60f5e8f1d71b2f1abe829c5860692574511151d3812d45e1adb5b5c69eaed08f2d22dbe57af729

C:\Program Files (x86)\5DGame\skin\default\toolbar_nav02.png

MD5 7df81bc502c0ad0b538353eb7884e160
SHA1 175cc34ac9c14d491ebc7b4b062a2dce06342df9
SHA256 74302fbf1015fce43d482d1accf4ae7d5e6e6a52ba6e8c33c8f43cefcd8be024
SHA512 d3bc7f638a1ca70bd8b612e12574514237aefc326b1a74cde43dbb5c6422556219c31a70b9ecb518b7f4974b86d4a3fa948d81da5939d3976e921b8695f2aad3

C:\Program Files (x86)\5DGame\skin\default\icon_sx.png

MD5 e5376444deb4e1116e99ab035792eb58
SHA1 a02e9023fad5a36139045108ac7ddc3f15fae8e9
SHA256 b505bb32874631f408f1fd839cb04c7aa94c798deef50eeea71aba32bf05ee66
SHA512 a9ac21f1ca04c11472e5d923147484692e5998721710f9487c6298cc87b24cee6a8e00ed358f72397204359e91e109b97280fd5150072aec11f01b63826b919e

C:\Program Files (x86)\5DGame\skin\default\nav_bg01.png

MD5 ca44b23bf0012cc0a7e349a16636ae57
SHA1 55c066af9ac08d39907bc8d312e073de00dd1bf8
SHA256 382c115367b8e47e0a085f45c192fdc46e68cbec2d082509dc32f701ac312a95
SHA512 f2d1d867e1c3981495bdc0a47bbbc0826ef37929dd881657b6230bb6ebad264d08d3e8664747f3432768132ca42a585cffcdc4baa4dde93356bf0cd504be0980

C:\Program Files (x86)\5DGame\skin\default\nav_bg02.png

MD5 75074fca52eef6d840eb9e41c2779dbe
SHA1 cb603147cb4570b7bb4cf9fee2d3d799b161c59a
SHA256 070de1c6ba4613714b6978b6c148383abccc8341c84b5dac78cd4d8fff49216e
SHA512 821aefcae6ed650187481bb09fd23421c53ef83249039ee51f4ec5cf4b6552ddd12ff7ef92112355c7f0461e1083488cf5508eda8c047d687ba501be7863d6ec

C:\Program Files (x86)\5DGame\skin\default\icon_yxdt.png

MD5 4cc83055491dd2b98795dfb9bdbbf60c
SHA1 a15594379994e2cd7fc692ced43bf26ff29d84e3
SHA256 9beb49dd628d9a140d4469941b481ee95061a70663398c6e2a0f0feb7a38b3ba
SHA512 f2ec10c1b67c9e8dda820099e10b6a9509aaccf110497b80b8d0201d64b735f16122ddf7463767b0514bb2736e80b72e8f231bb81a389232feeca7ee6242ae15

C:\Program Files (x86)\5DGame\skin\default\top_restore02.png

MD5 f4cf01f92b1078fbb4a8b74f8f9d4da8
SHA1 0e0fdee8eb818679593cb5e5cbd485e784025f9f
SHA256 a07fcd00ffba3c6d41d28c20f21e9603d22b5e963d107c330e4b2cb5a4d32f8a
SHA512 e29a87eb394a69511db18064e37853aef4ff02144e89eee495ffe6061a62513472891d4784cc8abcf4b7c9f26ab984350d603a9ae147775ed8a8d74c9051f844

C:\Program Files (x86)\5DGame\skin\default\top_restore01.png

MD5 56690eec0ac3b891f95bac19db3b244b
SHA1 82ff06f617ba3c1da2a819067c93744dda481e59
SHA256 87522a413f0e13e9d142aa0611af17ef144bd869e9f987a1766f9e8f18b8e98d
SHA512 8c92a1f125a22ac5400e115754267da5262a8f59c935e54e729fe74c0539fd1af522c5dfaafb13fbc4d5428b1245949174fc9fd8554a9c9b5ac978e62229f289