3e7489d271bcc9ef5bba304a654808411a2381a56a234f04b4a36a4ca1862895

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
Size

1.3MB
MD5

f323a968d934eedb70dc98787cea1b2b
SHA1

7cd3752ba2eeb89fbb05874bcc170b0447948cb0
SHA256

3e7489d271bcc9ef5bba304a654808411a2381a56a234f04b4a36a4ca1862895
SHA512

8fef4b0d591f760c62def697902f513a0bb2613eabbb85d631182e3b02d5bd203e2cd9571b2a03630a3c62bb10ad33256421e0d1766a829d24ed322877dcf80a
SSDEEP

24576:rAwDcHDz8o3DaDSKbUfI5a+NKycHTrlQzSraIKu78ThO3pEUaUTV4s:kwaEODfKbUQ5r0HXLaI8KaUT

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2272	cmd.exe

Loads dropped DLL 1 IoCs

pid	Process
2956	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2956-0-0x0000000000400000-0x0000000000496000-memory.dmp	autoit_exe

Drops file in Program Files directory 44 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\TheWorld3\世界之窗.exe	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【当当商城】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\实用查询.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\系统下载.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\KSafe\cfg\ksfmon.ini	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【凡客诚品】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【网址导航】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\电视直播.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\百度.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【淘宝特卖】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\360\360Search.exe	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\实用查询.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\世界之窗.exe	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【凡客诚品】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【当当商城】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【网址导航】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\家电商城.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\世界之窗.ini	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\世界之窗.ini	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\淘宝网.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\电视直播.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【淘宝特卖】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\家电商城.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\游戏下载.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\在线网游.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\家居玩具.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\淘宝网.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\百度.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\系统下载.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\favorder3.dat	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\favorder3.dat	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\在线网游.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\家居玩具.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\游戏下载.url	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000000147b2ffd611662860f68196118adf38e85027ea9ce872e54456641d98ae0063000000000e800000000200002000000038b327d22a087ac5bf233bd60b987307b317a7ac7c9f13ecd359d42478e481c8900000003d4553b4e51e9368ab5ce3e180225d01aa442e57ad52dff475d30c485f497a6ad73efd94faad014537b17e2d1016c104886c6cb1abbcc582fae94ba9503dd5f08fbad5bc7979b8c9a9664b94e8a2a875fa5dc68c3a9870390d047eff5b82dc6911dda377de1fb0f32a7e34a678dd7502b1d2f1eea1e8863148f59f4927d1fb736588e0bc4e284b2041fafbcc1f04034140000000ed5f695ac5ff12fe32cbefdf423e73ce2978583c9f6d296062fc5dd74e439515e7a723acac5a8ebcb11d07d17c6976a17badb1736d9b22d59b2656de6c32238a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{264ECAA1-FBCF-11EE-B826-EA483E0BCDAF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 207563fbdb8fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000071b239cbc5f2c9accdb598fd95cfd39104ba2f8cf073b0a5333e6d5ac9f86a6f000000000e800000000200002000000042e8e4c53adf4ea55ee7c122b906629291cff4f4d2dd60e15ab73de91e8c51c520000000ed89558dff407ded0741470e7eaa637bbde128722d0a39d67560e1309ff87757400000000f54f5b5605ec8a3437882ff75e1eb9a4a3e26b779bda83e3a6c322532c0c39b6c563fdfaa4409d35231afd5b2bd1e734d6b830e100dfd56aea2aaaf070ff133	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419419629"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
476	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2324	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2956	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
2956	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
2324	iexplore.exe
2324	iexplore.exe
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2324	2956	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe	28
PID 2956 wrote to memory of 2324	2956	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe	28
PID 2956 wrote to memory of 2324	2956	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe	28
PID 2956 wrote to memory of 2324	2956	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe	28
PID 2324 wrote to memory of 1304	2324	iexplore.exe	29
PID 2324 wrote to memory of 1304	2324	iexplore.exe	29
PID 2324 wrote to memory of 1304	2324	iexplore.exe	29
PID 2324 wrote to memory of 1304	2324	iexplore.exe	29
PID 2956 wrote to memory of 2272	2956	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe	30
PID 2956 wrote to memory of 2272	2956	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe	30
PID 2956 wrote to memory of 2272	2956	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe	30
PID 2956 wrote to memory of 2272	2956	f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe	30
PID 2272 wrote to memory of 476	2272	cmd.exe	32
PID 2272 wrote to memory of 476	2272	cmd.exe	32
PID 2272 wrote to memory of 476	2272	cmd.exe	32
PID 2272 wrote to memory of 476	2272	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.2127.cn/?newth3
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1304
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ping 127.0.0.1 -n 3&del/q/s "C:\Users\Admin\AppData\Local\Temp\f323a968d934eedb70dc98787cea1b2b_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1 -n 3
    3⤵
    - Runs ping.exe
    PID:476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url

Filesize
194B

MD5
9018fcca1506b6e9998cf9483068765d

SHA1
ca7297f37507501b783b9384597b95f7a77e2602

SHA256
6589fb51a3d3c0128ba11a27383ef8f4f4a76d87e343a022555e1b8c63b76de4

SHA512
0811dd3febb468711702e15a32ced2f1bc29441cde1232f3f02f2c6f8e973aa550b32ebd0e097e3d9bd703e7774ab838daef9e126369ab7f4e23ac8613f2fdab

Download Submit
C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url

Filesize
134B

MD5
25852a9ccf176fc455d9752841d27114

SHA1
d7f298bd5fd616e0ec0778a69024d21653c83ef4

SHA256
22dd6f2b0ae0e373796457a5414a3535367a358f531d07bfd220f1f36213da02

SHA512
eec5fb3f9fb14e6bcd27b42165842a250eb0338085c054bdb00162a0e11663972764e07e8449a288a9b641dd5f3d2d11216f788b4f5676f179748dc1e4a24683

Download Submit
C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url

Filesize
142B

MD5
c931fadca55f88e0e5edb7552c4b1ad9

SHA1
aeec96c72c7db3ae94d25369e8ff73745af6cfb4

SHA256
93e8c38c6d5286c7922be4944a87787aedca8d5c9478e4f89c4fe1de7371b710

SHA512
a5c95e5a1236a9eb3bed1ba8cfd99c48516ad30ed28bcb1453928731c3e4ceb68cca61a4d1122a5c20717a539e3ff98fe86cd555216e4bf368e537b2927296a3

Download Submit
C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url

Filesize
82B

MD5
d8b0997d51b69f071b951de35a1f5f4e

SHA1
c0f634151c7c70c0d661d6e36e3298571854239a

SHA256
69bf159c06d52670174336c3a229afd1e3342fd3a25666fdd4617fe211945fc3

SHA512
d03b46f108e0da4bc800163fd60108d1f96cec69119b623e29c83a97d33bad28b7428f47a05cc65b8058cedf536fe1c35d9db6c1c6125abcca4d9d9d724ccbcf

Download Submit
C:\Program Files (x86)\TheWorld3\2\【网址导航】.url

Filesize
78B

MD5
15a0dfd6971a548e27da0e9e081fb20c

SHA1
d4e96db0a1f75cb170db214d2a3bc837d8cec84c

SHA256
0301c5ca25bf7462637537ec02af8d5e59d573ebdf783568b24cd7048e283589

SHA512
779392917f82d8517ea4cc0c48ffac06e20a1cdf6950ec170600cc789305eb9669559c67a097150f40d2fa676e41308abaf07a5e58f1994ccf6988477f4214b6

Download Submit
C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url

Filesize
134B

MD5
57efae2fa1413b359aa55ebf818d44e9

SHA1
a25ed510c0de2b7d714c20fdac23db9c1c5f4128

SHA256
bbcbdf46a55af3d1511f0b2d52939213810d2b9c0c54d073c8d09429961b88b2

SHA512
3a3a4074db5d4a3af95cadc3da8751012993d6c011de49f628dbe45a13d3cb8dae8278813eaed57b8e071df97560d05270ea3116b28e6d0de6a4d75fdd9ebc9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\在线网游.url

Filesize
190B

MD5
f48866be4b9729453057af8c2de8cb84

SHA1
f48cb381e5baaf598da3f464836ab7ef628b0710

SHA256
b0cab2c945158a89985a9d5b77704fda9a7495858ca5c7ebaad5b524f303861b

SHA512
a1a4caa9fcfe83f9eedfa7e435229e32c5d3574798b59700591e756a5aa2eaf2f67943b467e47088c685d078dba6eda30e7ac292068557fdb7f5316ff47625ea

Download Submit
C:\Program Files (x86)\TheWorld3\2\实用查询.url

Filesize
78B

MD5
05f923433437db81afa7a2b19d3c6f51

SHA1
19b6b8a548c430b1fca8a214874d67c3915bef85

SHA256
ce2c4d2b876cdf11b707f79b45b891f674025f421b6e8c99c40509e849c67e68

SHA512
dc431b7ab359ee1d1147c2272461b0dc0b8f41bda55d8ec4f4e3d896013121bd88c32898a844494bdde8a37ce7823b49dfed3a31625d8b006d16e961d462ed17

Download Submit
C:\Program Files (x86)\TheWorld3\2\家电商城.url

Filesize
126B

MD5
f847c2a7d92d221480d4577b5f4a02f1

SHA1
287d2ed6b93141516651fd902394afe0ccfe8c5b

SHA256
4d097096fdbba3ed61c35598bb26cb66e407dad48bdd9cc6f630f272bf0b318f

SHA512
191515b24148a710f7d2ab6187005be0a09ae9bce72507d963411234b36458b5de9dd935818460a6af4d121c48aba7dc082bca23a06844948d3143ef0b858e9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\淘宝网.url

Filesize
145B

MD5
73e9d1a5c85a6d17cf6daf1a29747d68

SHA1
80586a1a5420d56f65e37d0b1b0b7c2faf19a79a

SHA256
9f4bcaef43c584c99aa48042285b3f744ee9eb1afb934bf2864759543819fae9

SHA512
0a68b2230fccb66814b5d85fa79beec4b633361e1273499417cdd9676320398c6056d2b95500e1191b467bd2f5a462f1cc0bc76ccb4e11120fe0cb375d3040ca

Download Submit
C:\Program Files (x86)\TheWorld3\2\游戏下载.url

Filesize
81B

MD5
cf8565c8ae2227e2405d6dfacaa04879

SHA1
471aeda36ba5044533b24886189e68e43538f01d

SHA256
4a1dd24faf80eda60d1f60e2c84a727e20be9b4aa6b032d61560ffcde73e9b44

SHA512
654fb592ddcd92b1979fe89edbfa6c228a757d52acc0afb49d4e2177bd0c3697a67eccf1da112340d02f240ead4554b01cd8a2ce13173d0aeef14f2526c4fe53

Download Submit
C:\Program Files (x86)\TheWorld3\2\电视直播.url

Filesize
184B

MD5
de76ed786e20dc35d1462da506355f6e

SHA1
f302c494fe862e046c39482ed5e698450c1771a5

SHA256
0fd9332ea18b83e7f313cc3960010b10fa4f1d1590f8f5ef75254d8ce121c9ab

SHA512
9261c8983f319210df9eb5c7439d79547f47f74218683d3d43b8a8a660925bf5a9b4415cb15011d7dd6732f56ee20596b465faea23a4cdc7e873b656bbb0a65e

Download Submit
C:\Program Files (x86)\TheWorld3\2\百度.url

Filesize
141B

MD5
78412d08796c909a0853a1dd18ccd586

SHA1
ceb2d947d41df77377aae60ab559a304fb405b59

SHA256
7e03a4aba9fe8f15abede66b5ea190ef7d1c16e200b342a7b9dfd417545150f2

SHA512
3beca38f6f757b3df3d7cf836ffc996e8a713df809fc5cad3f81363991943123acf55656c767b898b025760d0f113d53a1211c231332569f2027bf4f4b59e119

Download Submit
C:\Program Files (x86)\TheWorld3\2\系统下载.url

Filesize
183B

MD5
e321c8319ae133844943486b541461dd

SHA1
8e18a6bdb999a036cd407521e64ada293c0e61b6

SHA256
8d1dc50916793e02d99602dbbbcba6fe43346521ec8df4cb83a2399f0f7c684e

SHA512
cd0fd9fd5082c20045a43b8904d3c4a196cdd5f977bca7c6eb71f4968bf0d9b91eb78dc7aabd4162f28706312da78ba435e01d4412ca02fe3a83decf373a3b6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
748fb616bbdb223ff379a33659caf3ab

SHA1
afee18854f1a0d0cf317b0d0213e24a0dbffc484

SHA256
fa6ee3e10c949c7eae1009a9d8cc7e3d77f966f3b905924fda8040bc8b5bb49c

SHA512
f36826d10b0830be0992558ec21ad6629bac56052aee1c113e96959163e6145d1b929aad4258401d656e3f5bdece5d23692ac2a2405f4e75ac9e9c4650ab27ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05d401046bfcd6de21f9e70d1e248287

SHA1
2b47ea2995f6048613e537d38e6d6fd7a61d4610

SHA256
d17c4d99f4766aae737730f463f175960792749374861a9c3f477ed12b63bd85

SHA512
3b61b0368c3814b2333e6b20f02b57cdcb8f67c1c82196cdc6708fb20aa1a3ff64bf2192d55b3e79a5f209a43027874dd5d86565ef821379343fcfaf2881694f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4831eebdc80158406e009441a6eb2418

SHA1
2baed5134a83add89921ab40a0f2f9484f51ce7f

SHA256
97b6ae697868b062fb39a5b30c5c5d25b97c4493bf7448a625820abc351b2ff4

SHA512
79c57214d5d9d820fa1e66d2374d55263d29f6e6e0acaa13fdea9e6c6760d93eeb471c68b4416f4de472cc665f3edc0e8fff4a18a69f7b8d8976a71eebd04713

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6956a0f55137dee109503ea8133859e6

SHA1
edd0285ef46f81bfc3f2b1f0a433857340d8aef8

SHA256
9cb5ed0e409b0325fdb39f94c3dac404ba5966b00d996e04a5f3767f80230490

SHA512
4c7d36848d8f53a81635bf3999de4d693c194bda3810721873c21d6b9f5bb9efe896a1987461d7a151a7752cc9777ccd5f485a1ef0195d02e83be57386613f5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40f0d509802e0325d6844f8ae6822c8c

SHA1
a9a17f52cafb1d2535ece5ea86ceede7ffa64b3c

SHA256
4f528d69db92ce43d554a5632b1bc796bd0d421e711b353ea61cdbd5d2a3c1a3

SHA512
91f8bcb2150c7c4d8000ff3eeb3b26c918eee0a3ca8021cc296b743f2542e3609c22df5c83f88f08940a0c2a2296e187a5f1353d2e677697a14f4d45f204d1f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f51b00852ea428ecfafeb37c0b79199d

SHA1
59c06a97ef2e92c1cdeb2ded252d6f945f069d85

SHA256
4a3050fa8aac8e5d5e10a3ab88d9f9c45f381c4bba685e1b5f58c1b11a42b637

SHA512
8a64fbfbb847b9e5c8ec630b5841bf2bba95825ed5a2ef3aa0ba8c3669143993737af37fa73e2dc63b3d817db874decff8972788f9593d5e26bb36e8165ecb79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9367431f8cf578a410da10bb691707d3

SHA1
94eef85d7830cdbc7aee5bc40da5944ca862502f

SHA256
843b71888abf7f5ca49b879d4ebfa27c17911bef514a9a10d0c1df817423c92b

SHA512
de1403264f2d148d46fbd5016a2f4cb83706ed61f18a6a7f162f035358b023eb498ab345fe62759e6c74713f4739f759351d986ef2eb438b33631881e43f6110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9e48dbbe786cf6869d79e966101895a

SHA1
bdcee67ca09483d693aad1881a40161ab0cf3d5b

SHA256
1bbc1f094611fb9579b3c487850e62428739538f27ba255c76f4926a2744177b

SHA512
d4246f365d157d18768a84e136802aaaef450e42df9f84b8e81a76981cbf49e50f2b4ad85924a30fbcbe9796d66397c5f7656ba1a20e904e76a5a87e89d2f866

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
282c51cd207a83d912bfde97a3c270ec

SHA1
51377fd86e8b868be1f3c86141fbd77453e98cc7

SHA256
15fc62327defbd22e8256d255b8812968974c3701d5d03539282f5ad740e78ce

SHA512
dfac2caff80bd683abd6cb33aa1b95ec47e9678ff0b72a0fd1d3a24874eb4305f11f07c5f44bd971b43a90fd53d0d4caf62fdd234feab21f1ef284b3308c8e23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbaa3ebdd40879d15f6b303fc4eb22ce

SHA1
baf1945749dd54cea0327f78740e7d8af838a45a

SHA256
e4c51dadf77ce1aaa2d720bfa05a7dbc36be3133a911441cfffbca9b94d3b7f6

SHA512
7a15ccd0a887053ef17bd0cb11e15de53d502c47e5caac32c7e9e4b1921a08d1a87e163eb7100cc2739a4f8fc8b885b0f0ec8982c3ab8ba5adf9281e33d2e3c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23a7273cebdce32b7f562d0c885ed65f

SHA1
ee9409451e1d36b1095620b2a3efc687c3c42812

SHA256
b0cd451a6df6b1dc5f6bf89a601dde3dfd0660822982c3e8afb3e971a73701f8

SHA512
1542dbbc47c2c75338710edbce88caa76ae4375967b0b4d834b13e01957f8d813c07cbcf4b09ec50d114deecb5e79a91a6dc95c3064f295489883b929df5e4ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd577408d1cf92592e391456b7649c0a

SHA1
cf60577ac92b535c34b6667e91d36a2ef0866936

SHA256
0ecdefc007fa8d7ada491991c4cf182d6b2663386324269652a1796a951ff65e

SHA512
c8d7a6c48466c73722e3612a0a70d8bc2357d84f903cb597390e296e11e8cc0dc4ca740b71f1176d11907f8a37d811ad7690017db5f912dd78f3f2e16ea90d1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c5c2f584157e1b665b30bf9ddea6ceb

SHA1
824d11284cf183598ed4673cd370cccb2c0efee7

SHA256
5391a6a49fd3d015f2c99fdc7a4e01769bf7e80cdb1830b6f30740b735c3da11

SHA512
de8efe87013d63fbf32582b0188ff09de27e0a3f508c3885c8fd8c3b751231393ed017902cb28c61b604d8d086c68e02c6e2f4d556b419faabc7d8112aca5826

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d83899cc97a36958ff30078b6542598

SHA1
6dcbc5b2ac823de0f8d8f1c20fc2d3b6b5852aff

SHA256
295d5cbcc3c78c846c4069e6f13a6ac49c413bcc79d3075036930dba47d34db7

SHA512
08cf3a11f424ca01091f1f69046a8df631b2264469fdb56f4c40303936367f3267284e0c78c98c083b57a7f37ad618e18faa49105999182a54627b5148462547

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb8509bc6c664bc35b1077f036b96f3f

SHA1
66faed014b03605c796b50b19396c9e212df4e17

SHA256
b8db9e209bc4dcd2d71dd34d3e8aa1b08437aacb27c15ffb3bf081bfd9e33283

SHA512
db0f94508fcceea411d6a50b843b5344de9ea98174f6fb44832b9a957c939324492ab5416ee2206c056644941c33d4ab53889f02fd00374a40d5965a78d1b231

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0da6509f24bbc3c81cc92c1dfd9853ca

SHA1
c495c83fee6ec8a12e2641a5231066f362c8f793

SHA256
520a8387388114271e0ef486f62ac0ac8b8cd10a1dffa0cc36bd15c930fc2ff9

SHA512
4e5b339607b36dc66757f0f10d8bd8ef121a6a9ed64d483e3ed0640fde934ac041758609517410cbdba374532338ab01e3f9b9433dd2c67f381f585120493c78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a628931b6e1689cec41c74c4bbd01c1

SHA1
4eec90d2ad0ce100bfb46d5212219336da5fbcfc

SHA256
02b0237531cfa408c188302840651d6d88d7194c33a48fef75ad17e9002f7f8a

SHA512
d8a73994697406f8c82f46c7dbfb0b7c097bbaf8eb3e1ab986069df8bad846457969cccbbaed72474a87d587f59d4b92d3dd151a954a9ff2693be35b45ed8901

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3A65.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3B46.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\aut202C.tmp

Filesize
192B

MD5
531afa31e63f4340844de937716019eb

SHA1
7505578b1384caea8bd7cca0e0e4814c65b98453

SHA256
6361d0896bee3569562d2add5b93c8e1cd6250acec04206e219abe598c78326b

SHA512
b272598cfa49b8d4c7ce6fd32a14a64d6e1554ff1654f629d35311bf40377065d578c12745052ae9a889e5d7f798a73413273b027ab43140041c1ebdd0afa2a0

Download Submit
C:\世界之窗浏览器.lnk

Filesize
1KB

MD5
352250147552124ad8d4a2c676748782

SHA1
b46d09bc8a9f22a6a4a6a814b643584acacb9bb7

SHA256
4a1f4edcdef3062a0d765871cb10cfa2c0e23abd0f3b3efe6a8eb06313bc1b05

SHA512
44ade5b73d287fd28fc9ae8ee359561be4a78cef2e7daf38d40f5196a269efed9b89ee2281cc9de035f8bada3baf5801018b08f78b09a4ed5419451350a7acde

Download Submit
\Program Files (x86)\TheWorld3\世界之窗.exe

Filesize
1.4MB

MD5
a521d52d7bbf6db44d9844be3688b46d

SHA1
16a01f91c58b75b6df32aad260a577d813ec9724

SHA256
35941f051fcc976d78300d1eb177a9e1342904f09adca7b32036373eb10392f6

SHA512
5958f686525234981402f7ce127e5f8601e8353ea9f848aec844c757391f48c43f1e5f27c4ddcf9f1def3108058db972a8053699635e494c181092545f4da66f

Download Submit
memory/2956-0-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download