Analysis Overview
SHA256
7b58dcbc568ce1400784f2101525498fc37a77ef03ab0f59b280a294daba9615
Threat Level: Shows suspicious behavior
The file a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Enumerates connected drives
Writes to the Master Boot Record (MBR)
Executes dropped EXE
Loads dropped DLL
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-12 21:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 21:45
Reported
2024-06-12 21:48
Platform
win7-20240419-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\download\MiniThunderPlatform.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7za.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\download\MiniThunderPlatform.exe | N/A |
Loads dropped DLL
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7za.exe | N/A |
| Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\7za.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7za.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7za.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\7za.exe
"C:\Users\Admin\AppData\Local\Temp\\7za.exe" x "C:\Users\Admin\AppData\Local\Temp\\downloader.7z" -o"C:\Users\Admin\AppData\Local\Temp\" -aoa
C:\Users\Admin\AppData\Local\Temp\download\MiniThunderPlatform.exe
"C:\Users\Admin\AppData\Local\Temp\download\MiniThunderPlatform.exe" -StartTP
Network
Files
C:\Users\Admin\AppData\Roaming\youxi_gjol_downloader\skin\skin.sk
C:\Users\Admin\AppData\Roaming\youxi_gjol_downloader\config.ini
\Users\Admin\AppData\Local\Temp\7za.exe
C:\Users\Admin\AppData\Local\Temp\downloader.7z
C:\Users\Admin\AppData\Local\Temp\DlMgr.dll
C:\Users\Admin\AppData\Local\Temp\xldl.dll
C:\Users\Admin\AppData\Local\Temp\download\MiniThunderPlatform.exe
\Users\Admin\AppData\Local\Temp\download\msvcr71.dll
\Users\Admin\AppData\Local\Temp\download\msvcp71.dll
C:\Users\Admin\AppData\Local\Temp\download\dl_peer_id.dll
C:\Users\Admin\AppData\Local\Temp\download\download_engine.dll
\Users\Admin\AppData\Local\Temp\download\XLBugHandler.dll
C:\Users\Admin\AppData\Local\Temp\download\XLBugReport.exe
C:\Users\Admin\AppData\Local\Temp\download\ATL71.DLL
C:\Users\Admin\AppData\Local\Temp\download\id.dat
\Users\Admin\AppData\Local\Temp\download\zlib1.dll
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 21:45
Reported
2024-06-12 21:48
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\download\MiniThunderPlatform.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7za.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\download\MiniThunderPlatform.exe | N/A |
Loads dropped DLL
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7za.exe | N/A |
| Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\7za.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7za.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7za.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a2893fa205e3e21051e634f7ebe1a405_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\7za.exe
"C:\Users\Admin\AppData\Local\Temp\\7za.exe" x "C:\Users\Admin\AppData\Local\Temp\\downloader.7z" -o"C:\Users\Admin\AppData\Local\Temp\" -aoa
C:\Users\Admin\AppData\Local\Temp\download\MiniThunderPlatform.exe
"C:\Users\Admin\AppData\Local\Temp\download\MiniThunderPlatform.exe" -StartTP
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4036,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=1960 /prefetch:8
Network
Files
C:\Users\Admin\AppData\Roaming\youxi_gjol_downloader\skin\skin.sk
C:\Users\Admin\AppData\Roaming\youxi_gjol_downloader\config.ini
C:\Users\Admin\AppData\Local\Temp\7za.exe
C:\Users\Admin\AppData\Local\Temp\downloader.7z
C:\Users\Admin\AppData\Local\Temp\DlMgr.dll
C:\Users\Admin\AppData\Local\Temp\xldl.dll
C:\Users\Admin\AppData\Local\Temp\download\MiniThunderPlatform.exe
C:\Users\Admin\AppData\Local\Temp\download\MSVCP71.dll
C:\Users\Admin\AppData\Local\Temp\download\MSVCR71.dll
C:\Users\Admin\AppData\Local\Temp\download\dl_peer_id.dll
C:\Users\Admin\AppData\Local\Temp\download\XLBugHandler.dll
C:\Users\Admin\AppData\Local\Temp\download\zlib1.dll
C:\Users\Admin\AppData\Local\Temp\download\id.dat
C:\Users\Admin\AppData\Local\Temp\download\download_engine.dll
C:\Users\Admin\AppData\Local\Temp\download\XLBugReport.exe
C:\Users\Admin\AppData\Local\Temp\download\atl71.dll