a00efafb9deb99a99bfdd34f55818983e9cc675d1cac6b71b9fec4b0bea1aa56

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
Size

3.8MB
MD5

1a953973ae8428f6f44f37c6fdae3d68
SHA1

13337723278cf301891f6372451123552b9bf97f
SHA256

a00efafb9deb99a99bfdd34f55818983e9cc675d1cac6b71b9fec4b0bea1aa56
SHA512

8547d333fc7d24a9e6662e4a34b7cf544783acc8c54b422f51ed81b3fa6819e93a07ba46bdb4bb0d31c7256abb748b20797475c849c5b026574a9f08b26879c1
SSDEEP

98304:cdaT/7lJGQLHsaVw+OCzYSnKaWFZ45wVtew/ORnC0N5:cA7lJhWg/KamcMIw/OF3v

Score

7^/10

bootkit discovery evasion persistence trojan

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Coral.exe

Executes dropped EXE 3 IoCs

pid	Process
4984	Coral.exe
3628	Coral.exe
1936	Coral.exe

Loads dropped DLL 36 IoCs

pid	Process
3352	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
3352	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
3352	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
4984	Coral.exe
4984	Coral.exe
4984	Coral.exe
4984	Coral.exe
4984	Coral.exe
4984	Coral.exe
4984	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
1936	Coral.exe
3628	Coral.exe
3628	Coral.exe
1936	Coral.exe
1936	Coral.exe
1936	Coral.exe
1936	Coral.exe
1936	Coral.exe
1936	Coral.exe
1936	Coral.exe
1936	Coral.exe
1936	Coral.exe
1936	Coral.exe
3628	Coral.exe
3628	Coral.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Coral.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Coral.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_vsoso.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_vtudou.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\Skins\Coral.xml	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\guide_btn4.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\guide_nav4a.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\main_search_smallicon_sogou.gif	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_igoogle.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_sogou.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\js\iepng.js	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_logo_xverycd.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\CoralDb.dll	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\css\css.css	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\fancybox\jquery.fancybox-1.3.4.js	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\guide_box_title5.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\main_search_bigicon_sogou.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\home\qq_small.jpg	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\js\unitpngfix.js	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\gradient_bottom.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\gradient_top.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\popup_dialog_list_button3.gif	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_baidu.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_xshooter.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_yahoo.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\CoralUpdate.dll	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\home\kaixin_big.jpg	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\guide_box_ks.jpg	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\guide_logo.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\popup_dialog_edit_bg1.gif	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_logo_mbaidu.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\Config\FavIcon\default_page.ico	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\search.htm	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\guide_box_line.jpg	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\main_search_bigicon_youdao.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\main_search_button_bg3.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\popup_dialog_close.gif	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\loading.gif	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\main_grid_bar_edit.gif	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\guide_bg.jpg	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\guide_btn6.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\guide_nav2.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\main_grid_bar_remove2.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\main_grid_item_add.jpg	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\main_search_smallicon_youdao.gif	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\guide3.htm	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\guide_box_ls.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\main_search_bg2.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\home\fenghuang_small.jpg	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_mbaidu.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\css\jquery.loadmask.css	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\js\coral_lib_min.js	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\gradient_bg.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\popup_dialog_background.gif	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\Uninstall.exe	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_wwiki.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\Config\FavIcon\8FDEAD446A8D607C20207D38D669E349.ico	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\popup_dialog_close2.gif	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\switch_bj.gif	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_google.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\Config\FavIcon\6E086A7049DD129DF69051413AC6AB3A.ico	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\Config\FavIcon\85131C29C8F7B398A345BD7F1A51DAB1.ico	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\guide_img3.jpg	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\popup_dialog_list_button2.gif	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\home\163_small.jpg	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
File created	C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_gdangdang.png	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\Coral.exe = "1"	Coral.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT	Coral.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT\Coral.exe = "0"	Coral.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER	Coral.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\Coral.exe = "99"	Coral.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER	Coral.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\Coral.exe = "99"	Coral.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	Coral.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4984	Coral.exe
4984	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
3628	Coral.exe
1936	Coral.exe
1936	Coral.exe
4984	Coral.exe
4984	Coral.exe
3628	Coral.exe
3628	Coral.exe
1936	Coral.exe
1936	Coral.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3628	Coral.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1936	Coral.exe
1936	Coral.exe
1936	Coral.exe
3628	Coral.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 4984	3352	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe	91
PID 3352 wrote to memory of 4984	3352	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe	91
PID 3352 wrote to memory of 4984	3352	1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe	91
PID 4984 wrote to memory of 3628	4984	Coral.exe	96
PID 4984 wrote to memory of 3628	4984	Coral.exe	96
PID 4984 wrote to memory of 3628	4984	Coral.exe	96
PID 3628 wrote to memory of 1936	3628	Coral.exe	97
PID 3628 wrote to memory of 1936	3628	Coral.exe	97
PID 3628 wrote to memory of 1936	3628	Coral.exe	97

C:\Users\Admin\AppData\Local\Temp\1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Program Files (x86)\CoralExplorer\Coral.exe
  "C:\Program Files (x86)\CoralExplorer\Coral.exe" --update=install
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4984
- - C:\Program Files (x86)\CoralExplorer\Coral.exe
    "C:\Program Files (x86)\CoralExplorer\Coral.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3628
  - - C:\Program Files (x86)\CoralExplorer\Coral.exe
      --type=render --channel=Coral.Pipe.Event.Write.{A67BE651-5704-4157-B265-25E6422477F4}?Coral.Pipe.Event.Read.{E2FE3D34-BAB0-4F94-820E-7AFEEC147425}?Coral.Pipe.Write.D.{1E5D1E70-6F0E-44F2-AEF3-CF81EB5179C4}?Coral.Pipe.Read.D.{6F1B3A7E-1027-44E3-9441-19056361C6B0} --parent_channel=3628
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3752 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\CoralExplorer\Coral.dll

Filesize
583KB

MD5
afac79e92e3785299f191e74de3f366a

SHA1
d00b781bffff2967a434bc8cb69d4e6202e6f57c

SHA256
e2fd8e0e1de3035c9cddc201fea8cbdc89f91e89bfd60a1ab70bfd317e3043b8

SHA512
212f730fcd0c587ca3920c4dfbcf1266a96c87bb045f2b0ee7e80e0551c97b2978be0024ff14e3afc4e6025d273fe7508de1d7ec08d6d5ba24201a0f502f5806

Download Submit
C:\Program Files (x86)\CoralExplorer\Coral.exe

Filesize
391KB

MD5
f22c19dda6a7b1ee28a17c96da81708a

SHA1
2e562cd48ac73b66fdfe66389c57b05abc205be2

SHA256
2f54d182dc21951bf4bc083bc479bf5afa7fc3ce2bc0d4153fc122824d94ea43

SHA512
9c370d716f88db992e424f6899a50962eea9f19478022263c95cdc06d15d5663e8a25c2dede8b6728407e75b8c201fa162b91e5b747188f77e37b83c1c37234b

Download Submit
C:\Program Files (x86)\CoralExplorer\CoralApp.dll

Filesize
109KB

MD5
007807250a94f82a475c21908f840ea5

SHA1
187cba9542083eefab386b2f51610a3a9eed0fde

SHA256
f8af22dcba5f19703cf3a8bb36b14c7c8f1c4797dbc383844f78db3eacbcf4cd

SHA512
58c48e86a9635bac92569fcd5afa48508c96a833576eedd76efb010883f0e711baab18f79bfa92be71a5b85256b60bbc9ab3bb2da3243a460d37e3aee898d241

Download Submit
C:\Program Files (x86)\CoralExplorer\CoralDb.dll

Filesize
1.0MB

MD5
c97b98c70ec8e4407879270b3ffe8984

SHA1
f226b353a5090931186842b36f01fb6d3f089760

SHA256
4e7b5abf6df3b4ca12e1edb1543344452446da9ac3fdb27e5bf754ae09906714

SHA512
f8f3eca681855bbaee443053f8429c4785838edb379588beb501fa6ac6d0de8ea6c2ec9136a3d8a0005bb48efd7fd7a2a9741eb78d3dca8e49081ee4a817275b

Download Submit
C:\Program Files (x86)\CoralExplorer\CoralDownload.dll

Filesize
294KB

MD5
6973407fda8c04e298013976ed07eb88

SHA1
fdc718fac0f1e122083f75771bffc32da90a8d38

SHA256
5c53566c36ae2d03aec24711ea33dba5d60f8943306a70a15c52836ab99545f0

SHA512
2e4af02cd94d72934c66e919d7f023b483491edafedbe0d59cd1118d098cd9e51bd07d7fe37f9d27955ee1a94bbe891b8037376c83705d33f47bca20a061ec80

Download Submit
C:\Program Files (x86)\CoralExplorer\CoralRender.dll

Filesize
137KB

MD5
832bf20d1d1ed5c247ed7367508dd428

SHA1
9715a09440933d558e208af914ab730e0e4789ef

SHA256
e1b1f74f7048c9d4bdba657912b622481271e8ac7519d1ff2ea7b38d68090253

SHA512
5550991e2f010585956df506d9c2c6a636afa556c29462e56cbf6c3ad26dcd493dd235f1e26f21529a07fee485d7398e61cb4ae9d78a85a8514d2b93263a0016

Download Submit
C:\Program Files (x86)\CoralExplorer\CoralTrident.dll

Filesize
506KB

MD5
993b059afd143fcd153d4aa1e456a5bb

SHA1
8a7bdd26b963b65cd490f25c21340f5f10dccb1d

SHA256
aecae09d1637cd5910b06fa41ee73fb2cdde6c8756a535152c6fec9cb4b9253b

SHA512
dc5dc8ca1f4ee7a88ad43b790d1563ff27c335df6931eaa0041cf78c4602a56792c93c6a1cfa71b42693c91dd76366186b27b3f63c7f05a3440fb97f47761d0d

Download Submit
C:\Program Files (x86)\CoralExplorer\CoralUI.dll

Filesize
1.4MB

MD5
2c157ecdaf8a1cec3106f214db9dd974

SHA1
a0505c990694c03b349fbc7597935807c0bfcf52

SHA256
6662595d4183df68a822c715ed3ea07e0db1c7478b76747ecfc737fc183b0aa4

SHA512
f52c4419d64426aa6a914a46a2885b77a488d2442e4b34109d569222c187a9a42872745eb0603221791cc4aae119bdfcf0776d597a5f08aebccbd051462c773a

Download Submit
C:\Program Files (x86)\CoralExplorer\CoralUI2.dll

Filesize
1.2MB

MD5
f9cc511af5284c1de27cd87a76aa684b

SHA1
c1319584ef86228eb76b51c816024554e54e450e

SHA256
43e5e9f9e40a9cff4580e31d69a7c2851184ac69d98a7ffa1c768e2e17e14505

SHA512
d4ef4b62c07b262cc9d760645f6e819b41e28b1207ab9f1a968bc7584b4c63a2cf09c5b0e0a56384f1777f06a0887ced5172b32f05e940b92013b3f262e8c153

Download Submit
C:\Program Files (x86)\CoralExplorer\CoralUpdate.dll

Filesize
352KB

MD5
7b1938124b07781bea91fae264e99f87

SHA1
39ff40d2b9d1e5f51a2d9817d801c4242d21763e

SHA256
281bd67d445ccc728f5a92fb8200e306cd8d4d311a6a9edcb8c9760cf9d1ea93

SHA512
6bee84c135c60496eb79b272afbb5881cc3c1ac82bcf370b40209b5532d3922fec7be4b5af05044ef644146cda7d0baa32f344b86a40f1c27d416bb758c743bd

Download Submit
C:\Program Files (x86)\CoralExplorer\Lang\CoralLang_chs.dll

Filesize
826KB

MD5
2993bf60fbc99915bea84ec46b7f8c48

SHA1
2d50e9ea4a1ceaa97ff1a493fc98e5743d87b672

SHA256
1f357e6d38755f71199546f3bde20c285548105375ca9830742fb7d97f6b4759

SHA512
63b8cfb0b424cd86f2c848f7cd248bea339b1b5ef82c1437f6253abcbdfa252c49aaf8e51ec259cc2e87857ac9044328ecc2f8a60082016dae5ba2b893a0b283

Download Submit
C:\Program Files (x86)\CoralExplorer\Skins\Coral.dui

Filesize
14KB

MD5
b2b5ddc25bc4eaf198975c8a29ac536c

SHA1
8c705565c640e62e16e3b87a5a62a098d1d8b3c9

SHA256
ca537dcac322d1c01152b906dd65ba915501da1b9377b02b0fddf8a010bae390

SHA512
bef431dd66533bf77ec936cfd0c4ab6947cda92c27f83d4b0f5a06b8b56a4ccd0d42d28fbb57b71acf7c21cb09ae3fe613495f4cb0f73af9fc1b2220eb0d3259

Download Submit
C:\Program Files (x86)\CoralExplorer\Skins\Coral.skn

Filesize
489KB

MD5
bb604f2a8b6ef74401a2a4833a3a20fe

SHA1
b87ad169a7c407a23622ff912898de172a313d48

SHA256
905f0bff9d4749df74bcacf08a4e9ccf5e513e35c697ad6c005052ba6cf80a0e

SHA512
d73125c814b8aa145b72565c84dd4584c356252796a32bcc25982a9bb8669f488a15f3297f80c36a469c150c477c196c77549f54b7f0da7a27b258eb51e27816

Download Submit
C:\Program Files (x86)\CoralExplorer\Skins\Coral.xml

Filesize
9KB

MD5
b9c86de86d2ab067feb4ea96afdcd6b3

SHA1
59686f51c86d21c831892b3caa2779e6d97063b6

SHA256
e04f2a39559590f42dc829f16003e5f447fef29d9e7d86f80ed823a6f1917332

SHA512
5721ba72db4a2b6d5f7671eec1fc2e0c06e0ed79b6d00803a9a34f6b3f2fb950eb078f5ade582c1abe758e62cdd36b232920e969e5cc8cc7f177fbb8b3ef8355

Download Submit
C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_vbaidu.png

Filesize
3KB

MD5
30e1c795f8a8bb9e99be96d3865dacec

SHA1
f003657321292c8997baa2d35753eeecb20c820f

SHA256
cfd0f3eb5c342d5e81babb5e5cb99ab4aaa5b1110bf39c95bd09de4139eaa72f

SHA512
40a295c5e031fb66a7a3563d2ea695971c9c0763f6f21d8c94e1837ac69e4ef35ff696b52169409123acfa6583d36188df04b3687d400faa44f4bc39383894e4

Download Submit
C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_vgoogle.png

Filesize
3KB

MD5
dd72f6dd49580b9edf590d3f9b925e7f

SHA1
3575f34c75e250e74cc0c2b8086766241056c63a

SHA256
42fc51da62c7bee278492770bb3e56856c34eb8b040ba3e85646e62f89957608

SHA512
a7e0da46bc5ac4e281907c00eb6df45b84d3f6160abefb294826eeb3483271c1da56ad4509c74fc40c4a8af2525f1b3ef6e6864b43caada17d8451b5a0945ec9

Download Submit
C:\Program Files (x86)\CoralExplorer\StartPage\images\search\main_search_icon_wsoso.png

Filesize
3KB

MD5
64af18e9c6b07c2c60b4d90d19e78320

SHA1
1bafd7b79ab3022ee8eabf6a546948af90591b08

SHA256
fadb9f6900ee8b6d64e1588a45fa657e74b0cd7eb49b10581ef266ed65ec475b

SHA512
29d8c917fd15f4d57a2b26d919fcb1611734266d528ee121ce2005ea37a36e2256fee1dece75465abe6c91d30adc218aa3c53121c981ba77cf31cb899a6bdb9b

Download Submit
C:\Program Files (x86)\CoralExplorer\Uninstall.exe

Filesize
100KB

MD5
c3f1b19b4099c1b7f518a12fc841f199

SHA1
f19ed6973bd67481dc54a4ba3517a4b67b1a4848

SHA256
c6d5aea8c2cac96adb2c5612b2aba53d9afa71b4e4eeddcc30236e08d2029b7a

SHA512
12a1d939fc700b63ec55351494959e36a1b919702634585603fb60ca3540c6ef6f69394349d9276d9e963961ba0492ca6f5e30599facede019460276bfcca346

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz37A7.tmp\FileInfo.dll

Filesize
46KB

MD5
25aa25fcec2065cdf81f77d2153a63a7

SHA1
e09b96d596323201ce5586daa16c9b8ecfaa7654

SHA256
ba62fc93cdd027de00af9cbaf31bf102d47fe9f1d74493ebf6faa2f2c9982435

SHA512
5de8b9ca1b38fba4f63756066d10a0312acafe9c051645fd192e500d1cff23a21845cec2d1fb1002ddf7002f9f6ae3962fd6087f3ab793d9630c33e35d6aba64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz37A7.tmp\System.dll

Filesize
11KB

MD5
a82b0479708b96c7bf4dd6b798aedee0

SHA1
7e47b402848a86bdddd5f0de8bb4620471caaab0

SHA256
72410442a894b8316da6ad469f03997ec17c0b0d117745bb6ac5cac3232c7d20

SHA512
02e07def3897d87d546c0cf1492191591be587f64ae5c165b9a91fb977585c65a860135eb8c102b67dede913ea935459ce70c4ca973b292122c8d097ab130d58

Download Submit
C:\Users\Admin\AppData\Roaming\CoralExplorer\Coral.sts

Filesize
112B

MD5
c1af9f78c90db162de4eb1b77e4c0bec

SHA1
7f1ed180e1e1f2c9ad4a985ef53993c16e780ee6

SHA256
395f4782bf70620c8f829820d9fb5fd49b991de94a726d82d3e40cf72d2ee0e1

SHA512
e9354a674c1222fd50b187bc0d4831ca9518b65c6782d0f1db457f2b8e302139935d4bf6358c64cedcbd51a4423c27f4f04ebe5bb0f817daeb111df5dac2d58c

Download Submit
C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\AliasUrl.data

Filesize
4KB

MD5
af526fa244343ffbee61f1aee051d02c

SHA1
154ce939b125190ec9d0fc70879e272a778f3bcf

SHA256
bdbfeca948c6323926f91ebeb07f935830ab12cf94456f0321c05024ef3c790c

SHA512
641fd7ca3bc5615aa66a8a86efce003b2e662bb664f3ee7daca93246ba78edbebfbf75e31ddcebbf6dcc5bf732f3c8288c0d843e71b82dbd58827dd50102a104

Download Submit
C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\CrashUrl.data

Filesize
4KB

MD5
bb7de173f28b7d5ffee13b08b1470dba

SHA1
03e6eab927aa755ea76b1521b5c57b1f9e489b1a

SHA256
766db4fd30fec35c7dc056021d68f1b2e44dac5808faf8baf2aee2c70e0e4bd3

SHA512
ce39e8dada47048eb4e846dfc09d80dec2e486db91fd7fccca9d776ef4da9cd51c02a9c65371356ffe19d625dc1b2583c45190181fd979e8b48fceaec5af6528

Download Submit
C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\Default.cfg

Filesize
29B

MD5
99fb8e84b8aa92889349054a60e1f359

SHA1
1b3dd1afb4fe4533ca16db4dd3e7845c13b0e1c5

SHA256
5313e624a817ebcb34675027d12b87465de4fc4fdddfdd74d244490c4911b8e4

SHA512
2a99095109445c3ca1b9fad5c87fdfed331641401ca8d19d3ab4d109e18b9dc5feb739485f14f390bd3bcfa3a4325e3b1278fe1bb8690dd8df16edb9af52faac

Download Submit
C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\Default.cfg

Filesize
1KB

MD5
c6f595e0c965414927315233a58dd6f1

SHA1
9842a93cc5f77e8db3bc53de4312970dd61c55fc

SHA256
9aa580042564535dc007c955a89ee64d73e3c9ed3b520d66ffe738d8dc60a469

SHA512
b75c2c768b56636b8b1742ba219542d11632e5fc1f67bf42ff24ee47ef9c562071845188354df37b259b5d18ca8a5b31203aa93a72b7f99cf6024862cbb4cdf7

Download Submit
C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\Download.data

Filesize
11KB

MD5
90f748d2e698c98d82f2ded5e6e7711c

SHA1
ed5e91c7d21db4d3fc18d7906d7490d44d7ecff9

SHA256
1b547e776c5fa34c462f61850731c2f1914c6d9adbf6970250d3180805c1983d

SHA512
c9280f849bf9a97a562b44c6e87d8fb3a5ce75dc3e208c910d6ae89be071b3fc37b7914ec839c64ffbbd2d15dd0bc75659f76e514fae3d1cb0e3f35972c66b9d

Download Submit
C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\Favorites.data

Filesize
12KB

MD5
affd76f526d587c23e51b15ef39a030c

SHA1
84b585fe15033d3dede2669ce2c8dca3e159e32d

SHA256
ef30e0e5b90af57b09fb51d57a9d28794b4bec7eb82b16a2434f29dbdb91b048

SHA512
6f00d86178454f0e204e12c8b17c21eff0525562119e7f3023162b9738c35d3cf04580f31bd5a95f52aff53454e29a81a108ad09f46817448761b32a9ae1f08c

Download Submit
C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\History.data

Filesize
16KB

MD5
d4f1dd4239b0ca9acac4cf88e437d7a6

SHA1
b4e9eaafa845fee3578f269ecf96d9180ad143e5

SHA256
ca23dfaf4033c7880316d0885ef8ecdba24a1aa2989e2e0d1d0a5b2821e5831b

SHA512
c0765a81b9ada4680d5fa36768795f2bdbe52d4388deae11ded409bf9b88f251ac3fbc2240a8e9e19b03afad7bed5e0695f282eacbc9a2273fe536404e599c15

Download Submit
C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\SmartUrl.data

Filesize
13KB

MD5
3ae66c004be7509939b5dcb8bbe8988f

SHA1
0737768985874cb0e3187c91aca886fac056e1ad

SHA256
c79a6aaaa5a0e83a5ba8fcf1caf2a534b02051c304ea98b89752631391a78023

SHA512
841b9edbc45f421b1050f4b682d3f96c4083713bb4cfe3ac360f31f6be007fea7bdd7e2cac3ba050e5323be27130cd0c1b316069d383b0e472e089b0ff437d41

Download Submit
C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\StartPageConfig.data

Filesize
2KB

MD5
819d5531372718e04f3591482dcb5181

SHA1
9bb415c3661a35e7912fdb4b12ad750c128bf857

SHA256
7caeb6c92434911ee27789f1a113c4fd3f1d4ec78003dec2c8e394f398af9c9d

SHA512
7a1ceb41364f2087401cc577f5d5ee202bad5523d7875aaf0c4cd2ca6326efda38b7e07dba72879767414f1d4aa2c8ac6900f5a09601f3dba8e21b30ba7ba4bb

Download Submit
C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\SystemUrl.data

Filesize
885KB

MD5
69ba8f1ae84519627dc59b8ff35e1d71

SHA1
613057da9f0629654044e09957014d141b18db51

SHA256
eb2c3dfde241191030c486817b58404d0f68fc14fa4be83b51eef48a4d97ba78

SHA512
1e420eba50516f69445d596d303bb68963474f032f7610a95b337b354e46ebe7b50380cd25675f6d54bfbbdb99e006be7a03c4d00b2f6fc465769d53d4b9d755

Download Submit
memory/1936-473-0x0000000002B20000-0x0000000002BA0000-memory.dmp

Filesize
512KB

Download
memory/1936-469-0x0000000002A00000-0x0000000002AD1000-memory.dmp

Filesize
836KB

Download
memory/1936-464-0x0000000002140000-0x000000000218B000-memory.dmp

Filesize
300KB

Download
memory/1936-460-0x0000000002230000-0x0000000002334000-memory.dmp

Filesize
1.0MB

Download
memory/1936-456-0x0000000000710000-0x0000000000734000-memory.dmp

Filesize
144KB

Download
memory/3352-289-0x0000000002450000-0x0000000002461000-memory.dmp

Filesize
68KB

Download
memory/3628-439-0x00000000030E0000-0x000000000323C000-memory.dmp

Filesize
1.4MB

Download
memory/3628-430-0x0000000002DF0000-0x0000000002EC1000-memory.dmp

Filesize
836KB

Download
memory/3628-481-0x00000000035C0000-0x00000000036EF000-memory.dmp

Filesize
1.2MB

Download
memory/3628-446-0x0000000003980000-0x00000000039DB000-memory.dmp

Filesize
364KB

Download
memory/3628-434-0x0000000002ED0000-0x0000000002F1B000-memory.dmp

Filesize
300KB

Download
memory/3628-419-0x0000000002BE0000-0x0000000002CE4000-memory.dmp

Filesize
1.0MB

Download
memory/3628-415-0x0000000002290000-0x0000000002323000-memory.dmp

Filesize
588KB

Download
memory/4984-399-0x0000000002C40000-0x0000000002D11000-memory.dmp

Filesize
836KB

Download
memory/4984-311-0x0000000002380000-0x00000000023DB000-memory.dmp

Filesize
364KB

Download
memory/4984-306-0x0000000002220000-0x0000000002324000-memory.dmp

Filesize
1.0MB

Download