9351690ff6f8a2ae22ed976a62786af01feddcb2d2657da1693199206ef8b82a

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 21:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
Size

1.0MB
MD5

d716a4a2c0db617c236c3319a68bfa6d
SHA1

7c67500e60984e587fa0cbc9729f264c9c3e784b
SHA256

9351690ff6f8a2ae22ed976a62786af01feddcb2d2657da1693199206ef8b82a
SHA512

751594ec5c0fcdbd1549cc34eec674bcf5d90c43db01aaafa53a086e9f6d5f326663eeb60f12950bd411ea761318766191d4924336433f2f90a83fc859da0993
SSDEEP

24576:HD3euKmLCkWZBcHTrlQzSraIKu78ThO3pEUaUTV4s:j3+pFgHXLaI8KaUT

Score

7^/10

discovery upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
992	cmd.exe

Loads dropped DLL 1 IoCs

pid	Process
2352	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2352-0-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/memory/2352-176-0x0000000000400000-0x000000000049C000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2352-176-0x0000000000400000-0x000000000049C000-memory.dmp	autoit_exe

Drops file in Program Files directory 44 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【当当商城】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\淘宝网.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\电视直播.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\电视直播.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\favorder3.dat	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\世界之窗.ini	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\favorder3.dat	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【凡客诚品】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【凡客诚品】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【淘宝特卖】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\世界之窗.ini	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\实用查询.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\游戏下载.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【网址导航】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\系统下载.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\百度.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\家电商城.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\世界之窗.exe	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\在线网游.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\游戏下载.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\KSafe\cfg\ksfmon.ini	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【当当商城】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【网址导航】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\家居玩具.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\淘宝网.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\百度.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\360\360Search.exe	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\世界之窗.exe	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【淘宝特卖】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\在线网游.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\实用查询.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\家居玩具.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\家电商城.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\系统下载.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
992	cmd.exe
304	PING.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf6000000000200000000001066000000010000200000000c81a8d016a7482ca3b89e364360ed6cd78a6eb37adffde36bef770be53e9f28000000000e800000000200002000000069591772c5af0f5a28bfd3c14a2eb273daccbb48563f225c2eb447d032332f30200000008b879dc79200a50854f0ae5c132e351b9d6080d20324f9d761c00c9ac1045aa1400000005984a8d69a03af4a596c95326386eb0745a53277072200e1bbf0d92eb7bc9b48238d9f808bb54bf07951a8068be7e474fdc6c6dc96fa6867d8407137d68342a5	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000a451ba2c82705f0310c14a8f9e706875561797b5f12fc2875b733ae5dee1ac01000000000e800000000200002000000051885c881660bdd38e0ca1f55633e2d91deec672f822046d912285fb6f65d77f90000000ad0d0fedd4e1f0a13afb92f565d3edf22d29ff2e2512fa671ef826657c1375e5d0bde3c28663b237b06f308c24a6ccf026e25cf690e3bb0fcda58dcde805e2850b37011872c97b6e192c170144cfe5287a94c7bc358d02f9de6c183a2e20e2d9d91b233ac46dbbec0bba9d909b7a56a9fe3ed579dbf93be203ed216b53d28f87d2b6bc76c5e2f2bf7f0acb5acaddae7a400000009d8485af18a0daf937be475588596e017d594e933cd2b6bd4e27998bb15c5125a715891209c2fb200cc42b79077810fc9275a8f2df6de52bd47e67af1a0007fe	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432077661"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EDE3C5B1-6EEE-11EF-A160-4A174794FC88} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30f9dec6fb02db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
304	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2084	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2084	iexplore.exe
2084	iexplore.exe
2352	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
2352	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2084	2352	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe	30
PID 2352 wrote to memory of 2084	2352	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe	30
PID 2352 wrote to memory of 2084	2352	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe	30
PID 2352 wrote to memory of 2084	2352	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe	30
PID 2084 wrote to memory of 3012	2084	iexplore.exe	31
PID 2084 wrote to memory of 3012	2084	iexplore.exe	31
PID 2084 wrote to memory of 3012	2084	iexplore.exe	31
PID 2084 wrote to memory of 3012	2084	iexplore.exe	31
PID 2352 wrote to memory of 992	2352	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe	32
PID 2352 wrote to memory of 992	2352	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe	32
PID 2352 wrote to memory of 992	2352	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe	32
PID 2352 wrote to memory of 992	2352	d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe	32
PID 992 wrote to memory of 304	992	cmd.exe	34
PID 992 wrote to memory of 304	992	cmd.exe	34
PID 992 wrote to memory of 304	992	cmd.exe	34
PID 992 wrote to memory of 304	992	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.2127.cn/?newth3
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3012
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ping 127.0.0.1 -n 3&del/q/s "C:\Users\Admin\AppData\Local\Temp\d716a4a2c0db617c236c3319a68bfa6d_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:992
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1 -n 3
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url

Filesize
194B

MD5
9018fcca1506b6e9998cf9483068765d

SHA1
ca7297f37507501b783b9384597b95f7a77e2602

SHA256
6589fb51a3d3c0128ba11a27383ef8f4f4a76d87e343a022555e1b8c63b76de4

SHA512
0811dd3febb468711702e15a32ced2f1bc29441cde1232f3f02f2c6f8e973aa550b32ebd0e097e3d9bd703e7774ab838daef9e126369ab7f4e23ac8613f2fdab

Download Submit
C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url

Filesize
134B

MD5
25852a9ccf176fc455d9752841d27114

SHA1
d7f298bd5fd616e0ec0778a69024d21653c83ef4

SHA256
22dd6f2b0ae0e373796457a5414a3535367a358f531d07bfd220f1f36213da02

SHA512
eec5fb3f9fb14e6bcd27b42165842a250eb0338085c054bdb00162a0e11663972764e07e8449a288a9b641dd5f3d2d11216f788b4f5676f179748dc1e4a24683

Download Submit
C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url

Filesize
142B

MD5
c931fadca55f88e0e5edb7552c4b1ad9

SHA1
aeec96c72c7db3ae94d25369e8ff73745af6cfb4

SHA256
93e8c38c6d5286c7922be4944a87787aedca8d5c9478e4f89c4fe1de7371b710

SHA512
a5c95e5a1236a9eb3bed1ba8cfd99c48516ad30ed28bcb1453928731c3e4ceb68cca61a4d1122a5c20717a539e3ff98fe86cd555216e4bf368e537b2927296a3

Download Submit
C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url

Filesize
82B

MD5
d8b0997d51b69f071b951de35a1f5f4e

SHA1
c0f634151c7c70c0d661d6e36e3298571854239a

SHA256
69bf159c06d52670174336c3a229afd1e3342fd3a25666fdd4617fe211945fc3

SHA512
d03b46f108e0da4bc800163fd60108d1f96cec69119b623e29c83a97d33bad28b7428f47a05cc65b8058cedf536fe1c35d9db6c1c6125abcca4d9d9d724ccbcf

Download Submit
C:\Program Files (x86)\TheWorld3\2\【网址导航】.url

Filesize
78B

MD5
15a0dfd6971a548e27da0e9e081fb20c

SHA1
d4e96db0a1f75cb170db214d2a3bc837d8cec84c

SHA256
0301c5ca25bf7462637537ec02af8d5e59d573ebdf783568b24cd7048e283589

SHA512
779392917f82d8517ea4cc0c48ffac06e20a1cdf6950ec170600cc789305eb9669559c67a097150f40d2fa676e41308abaf07a5e58f1994ccf6988477f4214b6

Download Submit
C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url

Filesize
134B

MD5
57efae2fa1413b359aa55ebf818d44e9

SHA1
a25ed510c0de2b7d714c20fdac23db9c1c5f4128

SHA256
bbcbdf46a55af3d1511f0b2d52939213810d2b9c0c54d073c8d09429961b88b2

SHA512
3a3a4074db5d4a3af95cadc3da8751012993d6c011de49f628dbe45a13d3cb8dae8278813eaed57b8e071df97560d05270ea3116b28e6d0de6a4d75fdd9ebc9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\在线网游.url

Filesize
190B

MD5
f48866be4b9729453057af8c2de8cb84

SHA1
f48cb381e5baaf598da3f464836ab7ef628b0710

SHA256
b0cab2c945158a89985a9d5b77704fda9a7495858ca5c7ebaad5b524f303861b

SHA512
a1a4caa9fcfe83f9eedfa7e435229e32c5d3574798b59700591e756a5aa2eaf2f67943b467e47088c685d078dba6eda30e7ac292068557fdb7f5316ff47625ea

Download Submit
C:\Program Files (x86)\TheWorld3\2\实用查询.url

Filesize
78B

MD5
05f923433437db81afa7a2b19d3c6f51

SHA1
19b6b8a548c430b1fca8a214874d67c3915bef85

SHA256
ce2c4d2b876cdf11b707f79b45b891f674025f421b6e8c99c40509e849c67e68

SHA512
dc431b7ab359ee1d1147c2272461b0dc0b8f41bda55d8ec4f4e3d896013121bd88c32898a844494bdde8a37ce7823b49dfed3a31625d8b006d16e961d462ed17

Download Submit
C:\Program Files (x86)\TheWorld3\2\家电商城.url

Filesize
126B

MD5
f847c2a7d92d221480d4577b5f4a02f1

SHA1
287d2ed6b93141516651fd902394afe0ccfe8c5b

SHA256
4d097096fdbba3ed61c35598bb26cb66e407dad48bdd9cc6f630f272bf0b318f

SHA512
191515b24148a710f7d2ab6187005be0a09ae9bce72507d963411234b36458b5de9dd935818460a6af4d121c48aba7dc082bca23a06844948d3143ef0b858e9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\淘宝网.url

Filesize
145B

MD5
73e9d1a5c85a6d17cf6daf1a29747d68

SHA1
80586a1a5420d56f65e37d0b1b0b7c2faf19a79a

SHA256
9f4bcaef43c584c99aa48042285b3f744ee9eb1afb934bf2864759543819fae9

SHA512
0a68b2230fccb66814b5d85fa79beec4b633361e1273499417cdd9676320398c6056d2b95500e1191b467bd2f5a462f1cc0bc76ccb4e11120fe0cb375d3040ca

Download Submit
C:\Program Files (x86)\TheWorld3\2\游戏下载.url

Filesize
81B

MD5
cf8565c8ae2227e2405d6dfacaa04879

SHA1
471aeda36ba5044533b24886189e68e43538f01d

SHA256
4a1dd24faf80eda60d1f60e2c84a727e20be9b4aa6b032d61560ffcde73e9b44

SHA512
654fb592ddcd92b1979fe89edbfa6c228a757d52acc0afb49d4e2177bd0c3697a67eccf1da112340d02f240ead4554b01cd8a2ce13173d0aeef14f2526c4fe53

Download Submit
C:\Program Files (x86)\TheWorld3\2\电视直播.url

Filesize
184B

MD5
de76ed786e20dc35d1462da506355f6e

SHA1
f302c494fe862e046c39482ed5e698450c1771a5

SHA256
0fd9332ea18b83e7f313cc3960010b10fa4f1d1590f8f5ef75254d8ce121c9ab

SHA512
9261c8983f319210df9eb5c7439d79547f47f74218683d3d43b8a8a660925bf5a9b4415cb15011d7dd6732f56ee20596b465faea23a4cdc7e873b656bbb0a65e

Download Submit
C:\Program Files (x86)\TheWorld3\2\百度.url

Filesize
141B

MD5
78412d08796c909a0853a1dd18ccd586

SHA1
ceb2d947d41df77377aae60ab559a304fb405b59

SHA256
7e03a4aba9fe8f15abede66b5ea190ef7d1c16e200b342a7b9dfd417545150f2

SHA512
3beca38f6f757b3df3d7cf836ffc996e8a713df809fc5cad3f81363991943123acf55656c767b898b025760d0f113d53a1211c231332569f2027bf4f4b59e119

Download Submit
C:\Program Files (x86)\TheWorld3\2\系统下载.url

Filesize
183B

MD5
e321c8319ae133844943486b541461dd

SHA1
8e18a6bdb999a036cd407521e64ada293c0e61b6

SHA256
8d1dc50916793e02d99602dbbbcba6fe43346521ec8df4cb83a2399f0f7c684e

SHA512
cd0fd9fd5082c20045a43b8904d3c4a196cdd5f977bca7c6eb71f4968bf0d9b91eb78dc7aabd4162f28706312da78ba435e01d4412ca02fe3a83decf373a3b6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
681658ba6743871fd928177582d0fc00

SHA1
93480043b0c08616b05fbd4bfc7bacacc55b7e7e

SHA256
c15d2c49a2ca74177ebe7b5eb3fed39e9f6e9f12494fda09738108447cab748d

SHA512
699a8c71e4cb1e96211ae003a5edd0c10ae75e1e357a357c1fe5860c47a3e3614ec4c297c2efe265b67c655480319756896c2ea71fd9a9159f50dffbd51da4cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31b7c79f27d421d9711af737228cdb54

SHA1
6770374da1f95235ab7ddfe9d2ec88e689557af8

SHA256
ec6062ef982bbf9e1b6c8a6b0e8b3db57ecca1e92c5ee907035b08e1143999ca

SHA512
d4b9c560c97ad7c1a312e781903a56ecdfacb5491bea3e8e4791e3d472e192c2d56ff9de06c552ad648fd9d77282fbb7901732ad942621fd2b5d301ddcbc51ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84a5c52e846f5587f11be2ac65117fdd

SHA1
19bf8bb6b52c92c53c84cfcd6529aea68c20f629

SHA256
4e01604e84c30cb0334f95d497394e1cace13d19da211d7eb9b62b37cafdc681

SHA512
0c5175c5f1e774513b34034f5fa20e4079127fa8670417420a29fe312d15032a83c0d380763731d099bd3673a10a9a78dd51781790185014f0780c015f344639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd478a7d0e5b1bbdd5a83a2271edf31c

SHA1
485f8c979cac2f2a32d92b2d7af69e321171a1a9

SHA256
12520b8863f6f75871608270300a48f0aa0bbfef8efa7d615734f35aeb42b4eb

SHA512
8f81c70e67d347a9a25d68d721884529ece35d6c93414bd96ba67d5c5fbb9440b881179012bc23aa1348fdeff910233d1d7e4b7a804e2935fcac112089737dea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fd82a0cdb4d3499476598403347bcd4

SHA1
52e05865d4c7bfa70c121359e8b2ebad42e1a572

SHA256
215664f80c9caacf573f3479c3c91c6b341f0fc372f2786d791ebbde2c0f3163

SHA512
f9d1b82acecb6c70bb91dc4b76a2f9781b321a3cf18c66ca119423cb7b5f9b3e880c4bb58a5dab12083a79bd816a9ba5edd0e669a69dc30147895da3dff0fcfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
993fca5cba04e50feaac00e3ef97ca71

SHA1
366d8c907626b5eadcaea940b1ff931594664247

SHA256
cbbbc29020efa6d77bd0bb7ac526d35db49ad3ca19102290ee17228f1a988cb5

SHA512
345c9f6a17e11121df2ffb9c76b0903cda26157a20dc74f38a3b36cf043d30d4857b276122147322d1b1922331674434af33106c891950ec09fa9af8aa8f59c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1634e0ac139eb0c644704d6a474162d

SHA1
dcc42d05f7b99011824a0bd2b4c5479483e5190a

SHA256
19036bc0b60527c76ebf114e9b59b562506ea18ca8c8b300638092b801cfd5a9

SHA512
ec6f414455249affff482e0ac823e8daccd3266919c1a190c0cfe4ae5b9edef59bbb3e188d58e5e06ee92b5b5e231dadd583ae9ebcd6235af7c6936c1178523a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5792e848a267dc17284bf8bd9ffba4e4

SHA1
5b0493058d5447f6fc95ca8dcb0dcc5e46187501

SHA256
bd61ce8fc7ea1f2a4064bdaff88db5ef459e172a4b9bf48619f07a24a5ce8fb5

SHA512
23224770cfba74b170343987838b4b28b2a7cbb08bb4ac4b752bea11c06cd0003b9fe0b3714095f1badecb4ab0b0960f6c186586f5c0c8b98383ebf90c1b7004

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63925b7640833766d866b2e311866788

SHA1
6c747626eb2da8ff747b845e920f021820b0b161

SHA256
d953e472217efd5e09a3c2287b205fd1bcca65080d34b2571fcac7443c433589

SHA512
66d6cbc8010bbe35a4b43fb6f42acd0addc7a7b47d5074054d320eaa17aa74196f5bd6ee3efd29156b54c0af0131078e0877b4a895a8a4a75b0d94d5f9f78ce0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba3e05d1278539632c26a036fca1278b

SHA1
5461d18d619ce29a07162a902b117c9b57c6644f

SHA256
0025316680a496d87446139a011aa968a82188c73c6aafce53194a8650bc5c79

SHA512
9101b8686999435a0e985d41b6cf724815a3f1acb6f67c4572a3f8cc6d2059b2ec52c99fd81d60ee5744c4e514eafe839065ba56f0cec48e37da36bf5d67d85f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a8eeae96535f5206b6a4da6f638c4e3

SHA1
0e0826c3fb99c0c0d0cfcb9c9a284d89b8a2e31f

SHA256
e60115b59bce2dd2d47565e9ae3dc759854608a2ee6cc73d1b59335b6bb28908

SHA512
c0019ff8b0fb3f0985095fc35ab8e36cd24b5997b4f3e5b9bd5f5c2127d2ed05eee06bd19fd653c29dd3ba9efa2df5fb64af164905a4d34b96e5a58d886faf6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b3493282d10241f592306747e55d1d8

SHA1
79276eb9ce1a93b3a9fdb63aafd919224001941d

SHA256
d923704727ca5246dc0cbaf3aaf74bcfd0d16ec5c69e7c5617b30e3f6f384034

SHA512
f85ec0c5508a562fe5ecf8b7b8c930ee5f45ca825026a215f1a2f0757e50ff0ebc43607f1c6b38a7f9afd7bafd0f40f825766ebb2c423f4f3422917c4b5c34fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
060b2f6daf1c348a759c42279341b7f2

SHA1
a0178a3b4e191424398da7d607e95530580f603f

SHA256
3515835091a29ad732fbdade0d007a8ff2301082670e64b87ff401019a7da22a

SHA512
416be6788682618370c66276ae1aac02ddb8a005123cd9c4751f76226e0587638548fa08f1c060bacae356c29c1f753724ff75e4faeb11a6aadd3a6206f3acea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6321da5805a269ba467adc79ef5154c1

SHA1
53c5e6b6aefb53c6ef56c422cb9da5722142338e

SHA256
fef79e35d908217927c560fd48ff86bc8941041c5fac25b65a73305f6b26d107

SHA512
58362cfa3b81269827bcafff6cdaa5d8cb0ead7d9a598cdd89fb6c3370b2c5c267d95a660b860b9d8f6ac6d5ea6e6540fd0e1ac8063b267b4900a4b710e5c0b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6170995168b4d2b458d9613be79e493e

SHA1
6b40be765eea6b442316c2aeb4a6de41cc372071

SHA256
04370e8b718e1468b5ef0e0787e762c600bf5eeb7803bd9677b175e105de52c6

SHA512
5bb53c509c3a29d86ae9033793111d02f7c749ecbe89097814254f9e1ee8d193ee467cbcb3c637915162292579771d1446f0cc4f64cbb7f4fb500c734fbd2406

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1362cc3b27a0f83b7e065646da6aff6c

SHA1
d3264745bcd4bce265668f7955864b84909da7bc

SHA256
9548b2019e3fbabfddd45a63e56685894b44a216dc545b0ea55e8548e13ac9f1

SHA512
b83d5e609ad7692d18e6aec02277a19c66fd2decfb0182149d7af3835fb49dd6fcd677d68fde85e425d948b9bc2fd26cd0eb3a88a5935f1c0a4879298375d5d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b098f6ad595a923adbd60f81c868cc2

SHA1
7b79001e47db2e22c57b6c39396e3188c1cb77f8

SHA256
084b1b182453abd8447d1ab54be7e5d8ad0d3c0a9207f7e75e2c211d8b09303a

SHA512
33202e1109b7b2f0589e1e3fe6b7bf95b903fb68cbd7c6b99ab0c4b2d2a3feeca549514d8588d85d3abac8cdbb23eea1d9cdad965aab81b05c191826d3adb896

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d39ab7dca8041048f31183d96f5721d7

SHA1
b4b6741210e1df260f4b979a5fb0c5d59578d2c3

SHA256
d4e759c736d751940cfa32c789a0b98088711591084deed8038a60ab3fa907a9

SHA512
2bd0c6354baec020bca0b915738b003f5fa264046f8d3c1916d50e758794b075418da1e65d18f8d97c482e7591404eea99f1001a4f64be22b185a06aa2022c75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50933611215aebbe86dc50b46c0e1cda

SHA1
7d7d9b98d8c62435217224b9a4967604f71fb887

SHA256
f752df5a684494f74b0a9e678bd0e6a6636c4e65671866963deaf647065c68ab

SHA512
7b4d2b5badcb525b3eb17d74fd4551f01ef2257180040f1311bdc2ab764e7ace6027adae945191373b8132bad6792474eda27c62732faa0625b6631d37260acf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa024e31feca1fd64f3332d0204ae573

SHA1
7bdf5e667b41b8ee8aafb61c159a7c1e332a4b88

SHA256
28daa6f40ed73259b5f8753f8b1a0301453ffad81998222cba829b97a835a44b

SHA512
04ba0168129cfc7cbee1e2713eeabab48f248be7531be210aefdb088d980535f0c49006aa72d741212e7f9214b3d58996a72d1191b2f2431beeaa2cfe9bee1ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC850.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC8C1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\aut957A.tmp

Filesize
192B

MD5
531afa31e63f4340844de937716019eb

SHA1
7505578b1384caea8bd7cca0e0e4814c65b98453

SHA256
6361d0896bee3569562d2add5b93c8e1cd6250acec04206e219abe598c78326b

SHA512
b272598cfa49b8d4c7ce6fd32a14a64d6e1554ff1654f629d35311bf40377065d578c12745052ae9a889e5d7f798a73413273b027ab43140041c1ebdd0afa2a0

Download Submit
C:\世界之窗浏览器.lnk

Filesize
1KB

MD5
e4abbb0aa3d8e95d306b7f980b710383

SHA1
4cffd102fa390a4d01b2f0f0ead9cd58ac412449

SHA256
a044ca50a2f5715d8be444033ccc620ddc9d1d8523fa8e484cffff4b8c64370f

SHA512
763d070c9da3d220e5e82845934cbaedc24affa204b2fdad1618dd4c7964405171c240802895a4f0b4a606f205af4c3a2c395788a26bf5c9c854bf2a26fb43c7

Download Submit
\Program Files (x86)\TheWorld3\世界之窗.exe

Filesize
1.4MB

MD5
a521d52d7bbf6db44d9844be3688b46d

SHA1
16a01f91c58b75b6df32aad260a577d813ec9724

SHA256
35941f051fcc976d78300d1eb177a9e1342904f09adca7b32036373eb10392f6

SHA512
5958f686525234981402f7ce127e5f8601e8353ea9f848aec844c757391f48c43f1e5f27c4ddcf9f1def3108058db972a8053699635e494c181092545f4da66f

Download Submit
memory/2352-0-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2352-176-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download