35132f1ba95107ec2bb3251f0f0c05062dae3e8dcf2ec011009adddc8482d42b

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
07-07-2024 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
Size

1.1MB
MD5

29bc82a46b9cd9a6a50c031da2bfcef8
SHA1

96a5898c184cfb940d01ae2a6e42a42e661f6a69
SHA256

35132f1ba95107ec2bb3251f0f0c05062dae3e8dcf2ec011009adddc8482d42b
SHA512

17a7155083ed2c0df9ffc00f49f4de5fed9b3c0ed9b1b36a01fdf86a124bcf4537b91c92bb4af29636e5ee77530bcd48b79b49a9847dcf99b7c8fcf1c8a4c89a
SSDEEP

24576:mD3euKmLCkWZ+58gcHTrlQzSraIKu78ThO3pEUaUTV4s:43+pFs5OHXLaI8KaUT

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2476	cmd.exe

Loads dropped DLL 1 IoCs

pid	Process
2760	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2760-0-0x0000000000400000-0x000000000049E000-memory.dmp	upx
behavioral1/memory/2760-177-0x0000000000400000-0x000000000049E000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2760-177-0x0000000000400000-0x000000000049E000-memory.dmp	autoit_exe

Drops file in Program Files directory 44 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\TheWorld3\2\电视直播.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\世界之窗.ini	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\世界之窗.ini	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【网址导航】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\系统下载.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\favorder3.dat	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【凡客诚品】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【淘宝特卖】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\家电商城.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\百度.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\系统下载.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\KSafe\cfg\ksfmon.ini	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\favorder3.dat	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【凡客诚品】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【网址导航】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\在线网游.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\游戏下载.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\游戏下载.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\世界之窗.exe	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【淘宝特卖】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\电视直播.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\百度.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【当当商城】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\家居玩具.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\家电商城.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\淘宝网.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\淘宝网.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【当当商城】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\家居玩具.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\在线网游.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\实用查询.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\实用查询.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\世界之窗.exe	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
File created	C:\Program Files (x86)\360\360Search.exe	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0f3821929d0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000002c7d2dd34fbf8f5ab8c5650b0b57b60f007c5a7057a771072fbf61255061754f000000000e8000000002000020000000836d34bba7a7e5c2859ed2f8e9d8ece9a55fde5e82e915f4cbe99d774662a515200000003872d86f375261ea6cdee03533e6096382a6e752b95d699793990a7da2940ee040000000ef61f0a021018dbfe2397879b6f21f0ac27c812b4e60ce7afdc861e1c7cd411d1336071995cef6474460ebf61e428556bc88d13bb79daa66604760be8e9e02f1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426489625"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{445431B1-3C1C-11EF-A1F7-DA486F9A72E4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000001ed924d00d072b24cb36197b6980c70e1605a11eb318f61dc749c47679755fc1000000000e8000000002000020000000deb572d7222b0dffcfbe748c7457c31719f37af3a79c68d1224f87255c7a3d119000000092b46083d2f7303467fd30e7f0e0357750a466baf0e80bbdb66384d8fa88c0c792a27f1fdf7055900cd8e8a7d703e4bb233231d6f88bdc74916b6d3850c1a175867ebaf00bbd0e689d58caa02ec3750c2bbdcb3bec9446c4376550e06b602f90d82c8931589f83fd9a2464b5a7a074306be81bd1b4fc164ab715f2be91c72b11bb4b6bb520157602329848bcb6105763400000006b4c1cda641a1d6cc539d25d0caf7925260357597167fd72c5e0b535cad16308b2687b7a00cfb42324f69c5f756f64bdc68f26bd932f79973a52507ebd191587	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
840	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2752	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2760	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
2760	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
2752	iexplore.exe
2752	iexplore.exe
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2752	2760	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe	31
PID 2760 wrote to memory of 2752	2760	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe	31
PID 2760 wrote to memory of 2752	2760	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe	31
PID 2760 wrote to memory of 2752	2760	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe	31
PID 2752 wrote to memory of 2428	2752	iexplore.exe	32
PID 2752 wrote to memory of 2428	2752	iexplore.exe	32
PID 2752 wrote to memory of 2428	2752	iexplore.exe	32
PID 2752 wrote to memory of 2428	2752	iexplore.exe	32
PID 2760 wrote to memory of 2476	2760	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe	33
PID 2760 wrote to memory of 2476	2760	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe	33
PID 2760 wrote to memory of 2476	2760	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe	33
PID 2760 wrote to memory of 2476	2760	29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe	33
PID 2476 wrote to memory of 840	2476	cmd.exe	35
PID 2476 wrote to memory of 840	2476	cmd.exe	35
PID 2476 wrote to memory of 840	2476	cmd.exe	35
PID 2476 wrote to memory of 840	2476	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.2127.cn/?newth3
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2428
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ping 127.0.0.1 -n 3&del/q/s "C:\Users\Admin\AppData\Local\Temp\29bc82a46b9cd9a6a50c031da2bfcef8_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1 -n 3
    3⤵
    - Runs ping.exe
    PID:840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url

Filesize
194B

MD5
9018fcca1506b6e9998cf9483068765d

SHA1
ca7297f37507501b783b9384597b95f7a77e2602

SHA256
6589fb51a3d3c0128ba11a27383ef8f4f4a76d87e343a022555e1b8c63b76de4

SHA512
0811dd3febb468711702e15a32ced2f1bc29441cde1232f3f02f2c6f8e973aa550b32ebd0e097e3d9bd703e7774ab838daef9e126369ab7f4e23ac8613f2fdab

Download Submit
C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url

Filesize
134B

MD5
25852a9ccf176fc455d9752841d27114

SHA1
d7f298bd5fd616e0ec0778a69024d21653c83ef4

SHA256
22dd6f2b0ae0e373796457a5414a3535367a358f531d07bfd220f1f36213da02

SHA512
eec5fb3f9fb14e6bcd27b42165842a250eb0338085c054bdb00162a0e11663972764e07e8449a288a9b641dd5f3d2d11216f788b4f5676f179748dc1e4a24683

Download Submit
C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url

Filesize
142B

MD5
c931fadca55f88e0e5edb7552c4b1ad9

SHA1
aeec96c72c7db3ae94d25369e8ff73745af6cfb4

SHA256
93e8c38c6d5286c7922be4944a87787aedca8d5c9478e4f89c4fe1de7371b710

SHA512
a5c95e5a1236a9eb3bed1ba8cfd99c48516ad30ed28bcb1453928731c3e4ceb68cca61a4d1122a5c20717a539e3ff98fe86cd555216e4bf368e537b2927296a3

Download Submit
C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url

Filesize
82B

MD5
d8b0997d51b69f071b951de35a1f5f4e

SHA1
c0f634151c7c70c0d661d6e36e3298571854239a

SHA256
69bf159c06d52670174336c3a229afd1e3342fd3a25666fdd4617fe211945fc3

SHA512
d03b46f108e0da4bc800163fd60108d1f96cec69119b623e29c83a97d33bad28b7428f47a05cc65b8058cedf536fe1c35d9db6c1c6125abcca4d9d9d724ccbcf

Download Submit
C:\Program Files (x86)\TheWorld3\2\【网址导航】.url

Filesize
78B

MD5
15a0dfd6971a548e27da0e9e081fb20c

SHA1
d4e96db0a1f75cb170db214d2a3bc837d8cec84c

SHA256
0301c5ca25bf7462637537ec02af8d5e59d573ebdf783568b24cd7048e283589

SHA512
779392917f82d8517ea4cc0c48ffac06e20a1cdf6950ec170600cc789305eb9669559c67a097150f40d2fa676e41308abaf07a5e58f1994ccf6988477f4214b6

Download Submit
C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url

Filesize
134B

MD5
57efae2fa1413b359aa55ebf818d44e9

SHA1
a25ed510c0de2b7d714c20fdac23db9c1c5f4128

SHA256
bbcbdf46a55af3d1511f0b2d52939213810d2b9c0c54d073c8d09429961b88b2

SHA512
3a3a4074db5d4a3af95cadc3da8751012993d6c011de49f628dbe45a13d3cb8dae8278813eaed57b8e071df97560d05270ea3116b28e6d0de6a4d75fdd9ebc9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\在线网游.url

Filesize
190B

MD5
f48866be4b9729453057af8c2de8cb84

SHA1
f48cb381e5baaf598da3f464836ab7ef628b0710

SHA256
b0cab2c945158a89985a9d5b77704fda9a7495858ca5c7ebaad5b524f303861b

SHA512
a1a4caa9fcfe83f9eedfa7e435229e32c5d3574798b59700591e756a5aa2eaf2f67943b467e47088c685d078dba6eda30e7ac292068557fdb7f5316ff47625ea

Download Submit
C:\Program Files (x86)\TheWorld3\2\家电商城.url

Filesize
126B

MD5
f847c2a7d92d221480d4577b5f4a02f1

SHA1
287d2ed6b93141516651fd902394afe0ccfe8c5b

SHA256
4d097096fdbba3ed61c35598bb26cb66e407dad48bdd9cc6f630f272bf0b318f

SHA512
191515b24148a710f7d2ab6187005be0a09ae9bce72507d963411234b36458b5de9dd935818460a6af4d121c48aba7dc082bca23a06844948d3143ef0b858e9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\淘宝网.url

Filesize
145B

MD5
73e9d1a5c85a6d17cf6daf1a29747d68

SHA1
80586a1a5420d56f65e37d0b1b0b7c2faf19a79a

SHA256
9f4bcaef43c584c99aa48042285b3f744ee9eb1afb934bf2864759543819fae9

SHA512
0a68b2230fccb66814b5d85fa79beec4b633361e1273499417cdd9676320398c6056d2b95500e1191b467bd2f5a462f1cc0bc76ccb4e11120fe0cb375d3040ca

Download Submit
C:\Program Files (x86)\TheWorld3\2\游戏下载.url

Filesize
81B

MD5
cf8565c8ae2227e2405d6dfacaa04879

SHA1
471aeda36ba5044533b24886189e68e43538f01d

SHA256
4a1dd24faf80eda60d1f60e2c84a727e20be9b4aa6b032d61560ffcde73e9b44

SHA512
654fb592ddcd92b1979fe89edbfa6c228a757d52acc0afb49d4e2177bd0c3697a67eccf1da112340d02f240ead4554b01cd8a2ce13173d0aeef14f2526c4fe53

Download Submit
C:\Program Files (x86)\TheWorld3\2\电视直播.url

Filesize
184B

MD5
de76ed786e20dc35d1462da506355f6e

SHA1
f302c494fe862e046c39482ed5e698450c1771a5

SHA256
0fd9332ea18b83e7f313cc3960010b10fa4f1d1590f8f5ef75254d8ce121c9ab

SHA512
9261c8983f319210df9eb5c7439d79547f47f74218683d3d43b8a8a660925bf5a9b4415cb15011d7dd6732f56ee20596b465faea23a4cdc7e873b656bbb0a65e

Download Submit
C:\Program Files (x86)\TheWorld3\2\百度.url

Filesize
141B

MD5
78412d08796c909a0853a1dd18ccd586

SHA1
ceb2d947d41df77377aae60ab559a304fb405b59

SHA256
7e03a4aba9fe8f15abede66b5ea190ef7d1c16e200b342a7b9dfd417545150f2

SHA512
3beca38f6f757b3df3d7cf836ffc996e8a713df809fc5cad3f81363991943123acf55656c767b898b025760d0f113d53a1211c231332569f2027bf4f4b59e119

Download Submit
C:\Program Files (x86)\TheWorld3\2\系统下载.url

Filesize
183B

MD5
e321c8319ae133844943486b541461dd

SHA1
8e18a6bdb999a036cd407521e64ada293c0e61b6

SHA256
8d1dc50916793e02d99602dbbbcba6fe43346521ec8df4cb83a2399f0f7c684e

SHA512
cd0fd9fd5082c20045a43b8904d3c4a196cdd5f977bca7c6eb71f4968bf0d9b91eb78dc7aabd4162f28706312da78ba435e01d4412ca02fe3a83decf373a3b6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a3a1b603313662048d8e885d202e460

SHA1
64c29a87132b004686a8b29b856dd54e0c1c135a

SHA256
81d5f700262f25a14ccd86a1fcb47bec3ff2495e378eec579055c328895e63b1

SHA512
3bec1df21ccf1de9e64e2e3d47bb1262f0dd33cbd371c624ead708230b6067993c37466fbacc5ab9aae7f2f7d7af0573ccd6c2c7a940c6a7ef481bc4856b259e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4937d0ae96a16e7c8fe79c3ce00d472

SHA1
5f1977151c6cbb02aebbc9a2ac99d2ad5da5db43

SHA256
a1804d4a703a6c8b3feb72e6ce59577ea8f8197680dd2b785e41c3b656033424

SHA512
ac0711b18b3c8035b01eec0bd1cf5ff00d626bb2bd154f8fdbc1979a14063024260d91ee7c2669011e353a6e81d3521fc4ccb5678eddfb6c278bebff2da83328

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f7f23929f4856f0058e98030d8b73f5

SHA1
fcd677ba041e8a60dfd839372c3f4d28706bdb98

SHA256
bbcf0dbdecc62fc442c7af491984a9de4d15f885eda7c1b13efcfba4f3c3675a

SHA512
cf98f2ab19db1d92aaf1535acc2d668cecda38ca98a2ec2487f525f770bad4409d4e8f0c1df23b23d5b293c2c18089c23d442f5d5b161ffb0087d2401f1f92fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1ab4e651cd8ba604e2b2e6365ce71d2

SHA1
3109be4d77f6406822c673764f036eccace3f516

SHA256
a4804fac392880ec0503a1fa7796dd2bdda8dad99263f676a10d1b9dc1fb6001

SHA512
72942122b6a147360a8e1b557930eef6606ba0ab3857b836fd0fc5414b01a8421473879797acf9d553215b6e3a766f2528abbd63320df33c87328a7c46899d62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
333e07ab172004970887203865ca4e71

SHA1
35f6f53b0da20157c894fc494df7595d3ca05720

SHA256
09c3440baebb8fa076e18e24e7494a093179443a85134d5530cb5b77c04ad35c

SHA512
e0b8603e60d7f82d6ea02e4d90befdfa7b10b960de2102db7a5a0465b45684be07715924b6beaaedfa23fe19dcf79ce147955f4364c361a9538700f6255d348b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01f8751ba8066ed3c7febe679a0959a5

SHA1
e696c2f56dcb5ce2363544d3cfad2d6e8d7671b4

SHA256
bd8eb68eebd22aae16783661dd13f38095dff6e9d1f146a27ba6d7f3a500f1b9

SHA512
a4254f2068644cb5341c4fa4c2a9361b6dd577f8b08658cf42be7614e90400aeda011eaf9e5e5a1fe62d9a313f753f4435f3b2203ece346e88e7a53b824e335d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9ce1b675197d259f28e4e36ddf47cfc

SHA1
ab8cf83759672a10b0c4ceb441b0f0432647474b

SHA256
c0281758969a5a10bc2ea8302083009a7a7e9899fb70b52fcec94675ce0d15c0

SHA512
3a0cbe083a8c0e13def94474056e34ca8984336b6f22a3a3cc8350d38c9d68117ba5647084ab1a26a4f16cad0523bc9f2fbd31d80205ea8da9a3c2162d12d4ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4350410498bb0de48bd4e735bf87fff

SHA1
787ef9ca6a689ef45c3c1d4634d8fca9a0c2fa74

SHA256
42fb29cc2a81915fcb10bedb27854fc520ebdb28e109ec2cba6007714fa8e754

SHA512
3e6a988331b55f6722e2382c7ba6260db59d60bb89e21f680ff25baacb68db14e83cf90ebaa44e1c0c5d814ce537c635d96f1a82f0aa881618b8703ccbdeab82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8460cb99da3e61979d7ba8805e51147c

SHA1
fa4e35e5d4c13e8185f1728a2358e11656a3f5b5

SHA256
095738578d520f72ba90df3da912cb3d066c547057f03971239724717b282baa

SHA512
646c00ae99a40f7dfc35b196372a4a9d30423a571bf6382808a449cac550a5404da60f47acdf28cbea19df55af2ed72f5f5e43b9ccc6f52c7b64933b6863b216

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9192961a1a619bab952966cd4a38559

SHA1
63ecf577dd1c80fbbd24302d777244adb178b0b6

SHA256
aac75e80e2416c00eeab393b7e4fad7848a7cec3df59f332ace13153bc4feab8

SHA512
85a793fae1963523c9cb5e619b70bef3134976fb24e0f54a3184cbd6fb33037e83c34b43f659153037b9bcefa622d87e4217142842f578038152b02c5e936663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
904639fcaffd8af464c8e2c63c3bfe80

SHA1
ce204f776f999c39d2dad152d3c32cc5d8475368

SHA256
d0edb1d88fa7eb812f1ccb62a6110f5703c8fc3f32ef9fc3f384a0ad7233a08c

SHA512
5270e2867f3990b47cb60018b1d8b4f696498a30ecb22d11b49898da02d43376c43b362210561ccdd871facadb98f720e659bc65ec9b35d1f656efef911309e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
006397708a982f7a6c4b8af4b8bfe62d

SHA1
ccaf233c40676128526268b166a27d101c5e86ae

SHA256
775b8450287ddcc53307d3c203481401e8f83ad46a7cdf74102784590e97dfb6

SHA512
3d308080d2be7fcc26b79bfcb6af226d44794acbfa6b87c2b9e76f6f6ece35035f387322565b245bfa512710319018a2e362b9d6a2c3d7313c800fdd72a87ec1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1590930ee70f0f89d5ad168238b3cf6f

SHA1
839fc98755ea3db343085c693801d263331747af

SHA256
7d7501d0528b1d30ef032f7973549ea5d953045295c97d62582233d54df523c5

SHA512
7a49caff146d66f86ef0cf9fb9a8fbc5754f7262727cd0fac007f209eced489d03bf0733d6aaeb63d587450328dd053bc47da06110faa82ed830fa3a1aa9d60b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7e36b3f1dc676faff9312a135cf9d0e

SHA1
567e095ff0a86b932fef546bd721efc5e594d57c

SHA256
6fcba72c26e01c302fd8428cb0fc17d31560872756761fa8c8d89e6610c13143

SHA512
eaf8f33158f32844de450d4920b069105b527282668d25d14ce3d9b9991ba454911705372ac1cdf662215d72e3af3021f8d4cfd5641bc1bdb73ce05d905348a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdf52adbdf3acafa9a9c202310006e95

SHA1
02a9cc5a5552a284b027981e983074914cf28666

SHA256
ad0485299ae37cf0e8008cae42760aed021944c99672ab590aae5d8527f561b8

SHA512
3d9b071442013cb52369efbc7245904770d4134af51329f98cc4607171f81149043c934e0e30df7b996ae601288c093dee5c9ffc2270ba9b5fe90995cc2b224f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe349d0577adc5dd1e59561376203884

SHA1
ab0e261401a1d50ad6ee268988bd86669f19f99a

SHA256
7ef1a8acda7cde2114fbd422ee792712c80efa80838bb7e3b5b5887a15dac840

SHA512
ac2d6fb9dfabc0886776474c907004655764537c278f5fa362b14c29164da341aa28152f8b1aa0f8de6a698a92076f8e1af64b52960ae243c1acf57fea9ffdd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e4d55c1d902fd2c62ad8e2cfc175212

SHA1
76be23c13595d5db76512700e94c1a747c0ed56f

SHA256
7216c6c6f0f50cc440b0e7d9224d3d6705011907f46aa33cd9f7302f4a045862

SHA512
1b990d427cf12fa8064756fa96e92589fe3367460a2513714276a93c0b9492e2e37f38c8eccdc30ec87b649c15e0af5566b2ac3c69216eb9f54543d01ab73e2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e58f66a2749e5fa24171e92ab8957997

SHA1
7b294c5425c8db13bdc8b38468159e7deaa20a06

SHA256
5f95c4cbaba7b60d9b1da76adcc7bb0a9a73138f16dbe2db7664ef64dc092fb3

SHA512
7df5575d69432c4c72cfe968531d4c4eb810b4d6dc570c1d192588cd738fc26ad9c64490cb3c40df105530c798dfac99f0714b448f25cf223beaa08987f99085

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab60C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar67C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\autEC02.tmp

Filesize
192B

MD5
531afa31e63f4340844de937716019eb

SHA1
7505578b1384caea8bd7cca0e0e4814c65b98453

SHA256
6361d0896bee3569562d2add5b93c8e1cd6250acec04206e219abe598c78326b

SHA512
b272598cfa49b8d4c7ce6fd32a14a64d6e1554ff1654f629d35311bf40377065d578c12745052ae9a889e5d7f798a73413273b027ab43140041c1ebdd0afa2a0

Download Submit
C:\Users\Admin\Favorites\实用查询.url

Filesize
78B

MD5
05f923433437db81afa7a2b19d3c6f51

SHA1
19b6b8a548c430b1fca8a214874d67c3915bef85

SHA256
ce2c4d2b876cdf11b707f79b45b891f674025f421b6e8c99c40509e849c67e68

SHA512
dc431b7ab359ee1d1147c2272461b0dc0b8f41bda55d8ec4f4e3d896013121bd88c32898a844494bdde8a37ce7823b49dfed3a31625d8b006d16e961d462ed17

Download Submit
C:\世界之窗浏览器.lnk

Filesize
1KB

MD5
c6d87e6b389d73b629e43f4e4c99fa68

SHA1
13bbe191ba881df603bb1caeb663ead072a604c7

SHA256
92975ef3582b6396a9c69d38fe63134ab351bd58a567a57fadbbde87c2043a1e

SHA512
348ea25a1921cca3ee41774a7590e1be0d5af84f0952e6d1b4f617b1324797a7a3a91549f8d5774c0a37a17d1db6211c6738fe8a921fe8f60ff8a6a9ed2febdf

Download Submit
\Program Files (x86)\TheWorld3\世界之窗.exe

Filesize
1.4MB

MD5
a521d52d7bbf6db44d9844be3688b46d

SHA1
16a01f91c58b75b6df32aad260a577d813ec9724

SHA256
35941f051fcc976d78300d1eb177a9e1342904f09adca7b32036373eb10392f6

SHA512
5958f686525234981402f7ce127e5f8601e8353ea9f848aec844c757391f48c43f1e5f27c4ddcf9f1def3108058db972a8053699635e494c181092545f4da66f

Download Submit
memory/2760-177-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2760-0-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download