aec2e4748e5d82d65dff2cf32a31e55253597f7f4d269139ef83420eb53c2c3d

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 13:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe
Size

11.7MB
MD5

4b6e1702665a807771882b9a7cea3ef4
SHA1

cc702ca8389458e5f3d087483e3f5eacecf8e2d5
SHA256

aec2e4748e5d82d65dff2cf32a31e55253597f7f4d269139ef83420eb53c2c3d
SHA512

63178386b2243fb976ef7d990eea1a7938466f687e8532cbdbabb34d838993858b0d074aacb0caf908067bb12b4aa5eeac21924d846149df54e80ae831a6af10
SSDEEP

196608:b6azvREeqVfga0HcEs4a0PEo84sz3yq2OX3xHjTvmbXGYBdrs6SUFDT8T6kGvDw0:bDRPH51aFo63yAX5/vI9BddFXPk0Hp

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
340	install.exe

Loads dropped DLL 10 IoCs

pid	Process
1740	4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe
1740	4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe
1740	4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe
1740	4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe
340	install.exe
340	install.exe
340	install.exe
340	install.exe
340	install.exe
340	install.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	install.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
340	install.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
340	install.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 340	1740	4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe	28
PID 1740 wrote to memory of 340	1740	4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe	28
PID 1740 wrote to memory of 340	1740	4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe	28
PID 1740 wrote to memory of 340	1740	4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe	28
PID 1740 wrote to memory of 340	1740	4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe	28
PID 1740 wrote to memory of 340	1740	4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe	28
PID 1740 wrote to memory of 340	1740	4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4b6e1702665a807771882b9a7cea3ef4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\install.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\install.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\RARSFX0\LIUXING_SECOND_OFFICIAL\FONT\DIGIFAW.TTF

Filesize
41KB

MD5
d9ba300b6c58e98e55773d73359b7efa

SHA1
5343f138f859a68a2d950a8f6c048f1980516b98

SHA256
e872e203313533c2252c2b1e21d79bd6b93d6851d6915e84cd74cf29cce34764

SHA512
89f4f3ea530de4a2edd169a7efd0600c2f0a83a106d74f8219c1466f02b10247b303641143a7975f24133bde90b221afdb2faa8126deb8463acf92ad3d1d7b32

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\LIBEAY32.dll

Filesize
2.7MB

MD5
30ea27d324804a1af1f975f314306d47

SHA1
9dc15693ba646659f60da38d47bdaa827d65020d

SHA256
140576bd1bb2918274eb64f302142c9ad982d9e403c3d72d56e5cb5078feeee2

SHA512
92f4d8f29847fd6edc2ea6b219fe5fb6ca03ff025d509f33cefceab7a73284666b8c4611ec882c700c4e410f20e3835663f2b5cc43b97ba9fd30b65a6648451f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\MSVCP100.dll

Filesize
411KB

MD5
03e9314004f504a14a61c3d364b62f66

SHA1
0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

SHA256
a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

SHA512
2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\MSVCR100.dll

Filesize
752KB

MD5
67ec459e42d3081dd8fd34356f7cafc1

SHA1
1738050616169d5b17b5adac3ff0370b8c642734

SHA256
1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

SHA512
9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\SSLEAY32.dll

Filesize
809KB

MD5
9f597ddff0b54bddee92f9a0fd3e84aa

SHA1
ad6043fc868ca3ed82e1edc196de0d293c8dd8a4

SHA256
0580443e24b02002aadc04c4435baa71780cbc0cd3d89a86175a7badcc5f1446

SHA512
a4951444bdab6138beda72c8d4ec878904edcd9401d699348159e54560db5953000bbcdcedeff373063faffdd7344939d2ef5808a9119c33f676fd13234c3a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\XCGUI.dll

Filesize
1.7MB

MD5
ecfcb731d4881a9e5b6a9265aed74587

SHA1
077b14d0c93d14d191cda2c7089c40fa94217929

SHA256
a64cfe03a82ca344030b4ab55495c97e6f52b5cb7fb84dd4c8c2d886b524c34a

SHA512
93b25042ef9fccfdb6756f314bd5aec721094c61e2d0a136cb13ed3a834c13e5cb44d882de9d77889a3da0d4fe621ee513b3a8f4268f5d8526d5906bd75c5fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\libcurl.dll

Filesize
280KB

MD5
55b2f16ff33dbc3154d1edced3edd31a

SHA1
2489f238a6be35f5b506fa4f5d683c15fa259d74

SHA256
863f0a152e4caaf0352b6e0d809527f0a3bbc04983680e1c8b943ccd84299957

SHA512
f624c2f06e2a4d1a5da0488b1cb5286c2566f752080f28abc7e7ef1db369af915a6f30861a89a13f74c9ad5f0841a86f581733579e86b7016b2d1cda07322607

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_cata\liuxing_uninstall_second\skin_pic\prigress_bk.png

Filesize
1KB

MD5
fd1b4068bffec1284833c2f0335e6e9e

SHA1
3bc9eccf7cec4aab7f133acec9cfe927b89d56b3

SHA256
c46ff170d136e49df9fc37e86ce3fdef728f62d6b20a3e1136ff8476aadb154b

SHA512
5412abacc5109617323139852a8f7bcaf1a0ca342622169112a005d7235f8896c4aa54a9f15398ac20473d0f7f1e9b30604ca543a8c32b0528c1f8aee265b25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_cata\liuxing_uninstall_second\skin_pic\progress_ing.png

Filesize
1KB

MD5
a598ee04a1f43012f2134209e3c5ea4b

SHA1
2be530efaf1dc0c1ea5335dd71c35b750108e857

SHA256
fe95f26f0c65475609c13071e5e54ad99689278b73457e9b90dbb57946b8f75f

SHA512
09ae9878f6eee6c77f81bd3805513952b089871fd0aef9d987c85e7702f803524d00da524e916cdf266aecd32c11a22e96f483894bb6b88d774824669a64fee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_cata\oem_file_name.ini

Filesize
108B

MD5
b27880aea047169ad5121d86f1d34878

SHA1
a84e1288936c5436d3e583aaa22f3e6356b5eb38

SHA256
1510d5a902de498dbd7648eaad0124ed557eca6638a87486c6a2a40e8fbbd07d

SHA512
4ed0e8e2de019b74e3446b181b2ea5bfcf72b9f259690d200154a549a7f52872bed28508e3192402c710d6b04b51ce9e216e6b80f692e2cd7a978a90122bbe61

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\resource.res

Filesize
5KB

MD5
b932acf75476f48f506471aff7c83bd6

SHA1
27ebd0d12212654294c760bed0d1b64344ee90f2

SHA256
97100b5ed7fe75d324317b89f3a8f63d1b72f3430d2cb4991928f83adfb01b2f

SHA512
20cbf2ebf28e8c606ed6705b5f72b6ee59e31ef1c21dcd6791604c2534b65de77ec286320b2f5f706a0dd159fae1e7214d7f60c2420e03baea4075fd64cea5b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\btn_opencate_hot.png

Filesize
1KB

MD5
36cb3cfc519392cde81c83794518643f

SHA1
cb4a21cd5dbc99e4397be5461b8fd6ad47a68d9b

SHA256
0c23e10bca07c2c7c86b7da89294877e0637f73a0bbdf0b155e25ac01925a761

SHA512
56e1a82f9c582b4f9b75181da2a654f336201bb8f7b0c370d5a0cf1d956c32cff3df5b285af71df8bcc2721e80b600128cfe8362a1605962050fe17b374f1a1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\btn_opencate_nor.png

Filesize
1KB

MD5
e863fe59814fedf296ee6b8be149135c

SHA1
70f86d6e7610c2db5f33da9967b1577d107b48dc

SHA256
a37a3461adfcaf7720885f62d9746815dc5fdd8ac92af71e6abe8d2971a5e092

SHA512
41949f27cf410c9ee4a463fe8608ce06b010ec4770f288312cc2bb1fb995ce351d82c5f380997a0c451039e6c1403cc97e503513304b2da55c0867d36e7d2a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\close_hot.png

Filesize
1KB

MD5
46d7471fc199b3b03352084c43ba2c1f

SHA1
f5260c7d7a97dd262a0d87ab2352663dfcc9612f

SHA256
5571ac019ad2650f17ad824cc31d76bb58412ab650a14d9ee322fef186588827

SHA512
081f190e3a72c155e9584f2faa0eb2fc6d87f17bfb1b0795f93c50d054b7014333309bbb354a69c2c62a74e0eede2eb49bf64b25bbe4f85fb72836e35978410b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\close_nor.png

Filesize
1KB

MD5
1761e52cdf236000327a4b82de012abe

SHA1
eee9faed9e367ef5e46a3ba9fd605679c6ea2606

SHA256
c2a468a69ade9acb0a7ea5f39f773cb22ba0c170a4b2c08919259cb2e9234987

SHA512
a21deb122a02932723bfc8755e555142c07ff1b77e4aaad901706ceeaf95f384f44940e9d8d88c8a4086ab2a157cce691839013e0ad40573c28d8b87ac8e446a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\errorclick_hot.png

Filesize
1KB

MD5
1b24f71ae45ac610e015b7b183bbdcbb

SHA1
3c299c1528c200aa3cfa633e6c2d8031761a4844

SHA256
581da2e45df046092550b310053f98c3efa8d2cf82776c5c06ef0a8d673fd2ca

SHA512
bc26ce3435d8f1314701d4fa7f00169fda2f0364811cd3f2d88ed1b6049fe08b57ac28e2bc066035d3a15b43364e33cce7ac0cfc7070ec4dab9611da8ed0969c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\errorclick_nor.png

Filesize
1KB

MD5
081a5c5dc0313efe8a84c867d5caa295

SHA1
10839b86dffff2d1e2bb74acd56ebd838efdfbca

SHA256
2e2e108aa82fbe9957d8529145d8c28aa94984888f55684ad9db443820e3a123

SHA512
c856188ba83893e24755e69852b1ebd0a50d6735cb7521331e4ad91dbd7d32fac0218033862aee37f79efb7d046fa36b06bae1d374026fadb7c6101861e1493d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\errorclick_press.png

Filesize
1KB

MD5
47e05c662b0d9d6b0d422a1baea5c8fe

SHA1
b5d0944f3550435ff14ac5b37f9fbca806c545df

SHA256
84682aaffbba44501182080bad73d87ba17552c7b54fe679b47a04a8075415ef

SHA512
54326f0f6894b76bacde26a4225357a169c3b7aa056e875c042d2f6d5a9d45a0f71ddb57eb691b4986cd17d8c23c33622189dc6ee6481079a51c17a83557634e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\first_text_logo.png

Filesize
5KB

MD5
5b10dc5e5eb344935af89feaf6d14302

SHA1
81783a033253843a42b9a888d6ab05b672bd1f9a

SHA256
42c0a4230d79bcf38d21a03b08a67678743e56b94bacc727cfed3c4a85325390

SHA512
eae13912db4e819b6caff250c941cdd647d6960040ae741572fc7b65f608ba6501194924bfbd065cc77274ff7cb9485c26b7b6d948d246bf494130374ebd3ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\install_bottom_back_.png

Filesize
1KB

MD5
c2de11ace8c11b5a8288b12942ebb822

SHA1
03d856294ed738e920b3998cf06b00516bf38d03

SHA256
311a09d9ece0b9366f4a646ca5c881ffe3ed053b3b7a595b3e1a27ead604ab5b

SHA512
2026f84854f65d56fd0733544b2634201d1e7d499d915ad10e5e0c6f55b3a3cfcddd2829d28670c71108d25bed16740c93be1c8f1e5056d256f91ae6387f38b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\install_edit_bk.png

Filesize
1KB

MD5
6fb41a86f6903182766658e7ae11f4da

SHA1
45850d10285dc57e86e19751c92cc5022ece512f

SHA256
576364a310bfefddcaa359adbb19f38bf38372cc0c27344a3e6461c200191ae9

SHA512
1cc8d735b1c4ce22e166c34eaf852b74cb92e6e25f446db9f9ab38d4dc141d5f9ea87cb2cfaa931384c3c99fc0303cce14c2a4f601cac1766232f2fccc586abe

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\install_logo.png

Filesize
1KB

MD5
113217d880425fc69bfe546a28c86fec

SHA1
dca3acd4cc5826e72cb206591677a57ef9b84a74

SHA256
03651a151a1e1f9c8fa837a4747bc1ad8130bc726ba1be4eef0fbfdc037643d6

SHA512
f0a88271b1c4482df0325b07f751cea0c03a9343719ec43bb1371fe5cbe3fa65a1a8c5a807d2b260e68d3588e3f62d6ca94f8c51334596f744d85a3328574ca0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\install_percent_logo.png

Filesize
76KB

MD5
41e12ec606ab071d94e156687a687eea

SHA1
320b303e289041a86b01bc3b25978fff3340a01f

SHA256
0b1eef8006963cb942330983cae061c19cc74c6c314fedb18b2418a42635a6d1

SHA512
abeb284194386b22a6ad508c10ad9f8776620882060f5f69c88833ce21a3ce820a03904ebe3047315955f643fdd1fe266f3204e051b6557de8a0ddbb8bfb6b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\install_popupbk.png

Filesize
2KB

MD5
26daafaeeb5ae3f8ded7861f2eb02067

SHA1
6709c94ff7437616a1f1ea5b17e3fc7a02942419

SHA256
1472ae2b9de1c35b703d0473867201ba70b3e62cafb2724b8bcfdd1bc2651e13

SHA512
7ac4cc15f70d7bac06135c683d5ae16bb7bfcfe637a06042176ade5962613532498c374035bd92cb8f121c0eb128b810e350677d0d9e3abb5856de89795f7ab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\install_success.png

Filesize
3KB

MD5
a20f9e819945b651cfe9cd9d24154b82

SHA1
71cedf870b4eec891a0c7edad7b01371438f5a22

SHA256
3cbfcd2931eb60866812333b64fe2609b87b6aecac9beb8952730bb99989a50b

SHA512
5e943fdf7c75945189faeca5e7300bbb5cde77ac06ea216e8e0eb7f0d4211987b96dbd037465c155cb8c7a8d224a8ca51be89d35eb7def9b8a142108d2c94f4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\install_success_logo.png

Filesize
15KB

MD5
8912e5c90993ee9b5f2ec00599a8774f

SHA1
29f16b5f5efe47100c38314ab929a2805ae14705

SHA256
e508a2552d39913275729184c4282be86d8e59a894c981ee284f1b91f74298bd

SHA512
3d59b53e267ec6fa002cf5ec033d792c66f09e2046f2b58f9bc4cc7c5528ca1b714bab2e3885324918caf8b40b90eae15d1a7e31c25879d7e7713faf5397d1ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\install_success_logo_text.png

Filesize
2KB

MD5
7068a8b3361db8a6e16d9a486d6944df

SHA1
4d5a50c94e28e260966dd5049833e8c2acaa479d

SHA256
c3392948ee41b70e2db1be0ae44bf3643ec1195d4c23e86f3b81c3964a86298d

SHA512
cc75c38eee43e0c63a27c5d99a5cdd90a1cafb66669487e58fce1abc865df0100f10204d9cb61b06a13f6e501eadf2ce4b9a019e52c67488c36792d38ed0ba18

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\install_top_back.png

Filesize
161KB

MD5
b14886abbc3f48f27a33cf263c3d24cb

SHA1
ee3c547c84f4b4008367e6afca8d22b352d7878b

SHA256
84e5d7d50e6c3d443117afc5ec179fec8fad4b9e209aa6e7702e049cbc80f73e

SHA512
9d7deb4003028b7f912c634bae67846460059e286e7b9c642847ae80d0da9f68be3863746f6f8a3f6b7512aad42b169f9479eb054049b3e639108898b439dec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\min_hot.png

Filesize
1KB

MD5
7094d2d0f3574d63ec8a03f958ad0787

SHA1
332c8b2184f30ea86f2181d8759282287faa4c1e

SHA256
db1794373e2629baf163290231ebb2699d2b6f681efe045649851ff3e3dd7992

SHA512
6c57e660026610633cc8be3505da9b528b57014eff0b26ca65e0d9c7772545b6001b3e99c7d460edb2fdd09b1239ef3f81c82df00cc9ae8c3710fe70c37bcb05

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\min_nor.png

Filesize
929B

MD5
7d49fb0c7e0fa67c061dc954b68a91e1

SHA1
8bcc300ebb491e40205183a16321ebd24de8eca7

SHA256
f2a594f422bc329c4d0e2264706ba17d22f006e1a79852572c0e22707dbb8c5d

SHA512
5e2e40e25325ac120015be8975a257aa6463a6a615866d7e489d263a872c9353b4c6f702f020c487547463f79be0342070ab756e2de138f5c92a0acb10c903d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\popup_btn_hot.png

Filesize
1KB

MD5
e87a396422459d7e23c6e20d05d0fc42

SHA1
7ba32ec20f08796ed7e0e030f484c3abe28f321e

SHA256
679fc070e0c95f4500eb2f47d97bffe5e7bcf81350135dd2f8eac0e96d776f09

SHA512
b5163038ec50a699fbddc8f49067536aaa228d1d117f433678fa56ff61501b371910597549faa010b24bd8471b2178c158f4d0a3ce814bd7bf05c568d25e5eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\popup_btn_nor.png

Filesize
1KB

MD5
4c28088345d299c42c3b46dcee3c2b1f

SHA1
1aea242a83b0c7d63550ee50cd8638b5d13b6db9

SHA256
176eec04e1a6a639d04254ca21f58055b3deae3dbdd4321fbb648a6aee9a943b

SHA512
9cb05ccc98456fbf7bd9e84b55b77fc93f4306938fa7c528e19c20bbb1da31c51adb9418f91ba95b2ef7011708888df61bc67be214d134b6bc130079e4cbbd49

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\protocol_cek.png

Filesize
1KB

MD5
0c1de804240fb34d9f38bfeee23cb161

SHA1
3f8f70193b39e70ccdeacda7e269bae0dd341bdd

SHA256
ad61d7a4896ccd9104ba42964d880eb3affd8c9e026e40962a9fcccfe1b99428

SHA512
a2d7dea8430b4d9926b1da344b3136651a2d30435b9443368e39dade2fdeeba626e0bb1315a2e0979a726245c25db2b2ddc18d24532c100f26df86039f9fc268

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\protocol_uncek.png

Filesize
954B

MD5
67900eeeef2e826babc8559fc2855fd6

SHA1
6c0053f7ce8035648e1266dde04d617ac213f2ca

SHA256
68edd834599eb77c90cb9ebb9e8efb7968f5ffdcd9c2284d380caccd7d8a568f

SHA512
038c616950a998c87a0d3bcf42b4576289690841297e681da8d8e7179d6b0f1225a9fb62526964c7622a5d7b50467ffa1340267b2011f08854e5da53eacea246

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\robot_logo.png

Filesize
25KB

MD5
664fa24030c4669472b40ef33d692c9c

SHA1
8c3a37bb26f4e11541344b24030d80a5309eea8d

SHA256
072e60b9ce32f68738ca09e33495c22a030edc1d426dcec779eb033dc3e5615b

SHA512
2509dab8e681cf0a45d2a750e0f0590d00920d47567416054cddfcfcc699c74694235157772911a6f13face9dae5914ad66c9935355d03a5050693e439d9aea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\senven_last_logo.png

Filesize
42KB

MD5
568c7c6af80673f555f874659da81c50

SHA1
73efe9513302419c00391efff17967caafcbeb75

SHA256
e3e15cd0e93ff0b7d682720917a6b4b8827c5509c2e97be0dcb2ef8359c9e2b7

SHA512
b4849d4ae1ba5ccae5b96bd29d39db022f16faad8cdba3ec670914e528e42c44872a8f3c5893320feeb0c3bfc09f9aaa4c918c6ad451fd7089108e71601ea0be

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\skin_pic\senven_tewnty_logo.png

Filesize
47KB

MD5
0512f22a82b165ad7497437f7b30d33f

SHA1
36652d8cf8bf1d8a16a31fe19bcf03b22b565066

SHA256
f73f4fbcbdff6d129be07016f7a96ca7509c11bdaaa8ff1ac8c394e22878251d

SHA512
9e85765b04ac960f1f3d07b659476529ce8e204a3f58a47b4ae577fc38e1a46de55fdf971ad29ffde84836178928bff8529cd43adf8975cd2557456bed43f5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\style.css

Filesize
70B

MD5
3e641bb2a30002850e157a95b5bfba4a

SHA1
77edf8878d36239f68ce2d6489f9844f8e055dc9

SHA256
4493063b79fbd76098d5c55da9d41220260d4040ccc66833ca2edf6969106938

SHA512
81c3d68644846000f07c1870aca744845c3435a7989fecc92672f0778038757fd00dc489076c3905f6eea41596e11ae0d06da04e362475a0a1239b296bcfed89

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\liuxing_install_third\ui_install.xml

Filesize
26KB

MD5
72cea665f8699d47cce3f05e9ba59a1d

SHA1
7f916bf930d56254c88e834c8c5d4f2dc8304fbf

SHA256
38e0cf61ca3468be3763a140728f845f835d2920857d43d5e7f1dae63759da59

SHA512
7ba68e5b3db9ac55a7ed2787fe9b3fc40633cf6536eb430551c712b225b16c826d5d0dbb6c46fafbd192e559e094fec893d78e999d302a4472fe98b7008f5b0c

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\liuxing_second_official\install.exe

Filesize
485KB

MD5
30e414e1e7297e9b5e955bcd1ca427a1

SHA1
6b5c97f5c960ae5cdc2cca3e7cf8298823674068

SHA256
232c60f3232be01df7f1dc3785a64069a601c4bd16674deceb185a6dc5013563

SHA512
fa3d4b83f2e7b34c1370d3a8bc9093776cfa64fafe892f280d0982ce6654f74fe159465c39e89302121d5cb61435a0125cfcaa01d1bc3af2158c7a080cc6554f

Download Submit
memory/340-946-0x0000000074C30000-0x0000000074CE4000-memory.dmp

Filesize
720KB

Download
memory/340-945-0x0000000074CF0000-0x0000000074F3E000-memory.dmp

Filesize
2.3MB

Download