c51b7037122f43021b14c73d287a1ac0bde626e63ef97e1b5a2423477e5df543

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
Size

1.0MB
MD5

dc190ebf11914c98b36de1324ad2967c
SHA1

87a84ab16209c1097569bdd6a5cc5894ad357a88
SHA256

c51b7037122f43021b14c73d287a1ac0bde626e63ef97e1b5a2423477e5df543
SHA512

6645f4c7162ccc5b2022909fc5b18b0c0bee9ab8341fd0f90ef0553680a1bf2df8cf553d32d4c8d7f20648157536a645423fea726d5cbb108b2a61c4ca721238
SSDEEP

24576:iD3euKmLCkWZ94oPcHTrlQzSraIKu78ThO3pEUaUTV4s:03+pFv4oEHXLaI8KaUT

Score

7^/10

discovery upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2108	cmd.exe

Loads dropped DLL 1 IoCs

pid	Process
2448	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2448-0-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/memory/2448-176-0x0000000000400000-0x000000000049C000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2448-176-0x0000000000400000-0x000000000049C000-memory.dmp	autoit_exe

Drops file in Program Files directory 44 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\实用查询.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\家居玩具.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\游戏下载.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\系统下载.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\favorder3.dat	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\favorder3.dat	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\电视直播.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\电视直播.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\KSafe\cfg\ksfmon.ini	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\360\360Search.exe	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\世界之窗.exe	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【网址导航】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【网址导航】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\家电商城.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\游戏下载.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\世界之窗.ini	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【当当商城】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【淘宝特卖】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\家居玩具.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\世界之窗.ini	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\家电商城.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【淘宝特卖】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\在线网游.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\实用查询.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\淘宝网.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【凡客诚品】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\淘宝网.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【当当商城】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\世界之窗.exe	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\在线网游.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\百度.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\百度.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\系统下载.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【凡客诚品】.url	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2108	cmd.exe
960	PING.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a04bace904db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000d196d01c94c8026d87784d8ed0005f8596bdb32fea48f561befe2bcfe213200e000000000e8000000002000020000000825cfb622be3888e68978807bd7fd039b9808ac6e7e935c26c94c249f260095990000000ba296adf9443d048631834e2fe51d85b7ed8bf96439e5989e797ea47fc04c65119213405b4e21a9374574837a014e06b64eac96fb5abc4e2224e50704f0a9382e984ed1895a7216ee5b2bb41be71af63a9c6f33a696ff2c2c6d045f8bc06744174dd35b8e47f4656b2a96c2bf3b5983eb2603c9d9be845c1dd7c87dfb6d48f23ed8952f73c16c211c109f157f91483c240000000d90aa6be58f1c34ba5aa13132ff55923fbe39cb732663174835d88b63910ef2e9c1186e33d88d907831ba0bae0321ae97bf212beadd39c75202f477ce8e399e5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000117e4eb9517d9ab34a6ccc55b045fbb0a10ce5ec2743a528429dc7608654379e000000000e8000000002000020000000695cdfb3d1da4d3c517577afdc6aad8221d352d5d89c7a193ff8545dcb7973a820000000da439b8ee30e2ad05da289ed4b89dfe4628fea4dea9cb33d1db16929739e82c44000000056457874ad3ad3cf2d1dd981c60e7a009d795ba3fd9af926b0d29fd5f6d34a354a05461b8c6ead16aa51db164fff39db12e6401e277497c7298414cc6e3050a1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D5E03F31-70DC-11EF-BBB7-C6DA928D33CD} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432289793"	iexplore.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
960	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2320	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2320	iexplore.exe
2320	iexplore.exe
2448	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
2448	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2320	2448	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe	31
PID 2448 wrote to memory of 2320	2448	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe	31
PID 2448 wrote to memory of 2320	2448	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe	31
PID 2448 wrote to memory of 2320	2448	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe	31
PID 2320 wrote to memory of 2736	2320	iexplore.exe	32
PID 2320 wrote to memory of 2736	2320	iexplore.exe	32
PID 2320 wrote to memory of 2736	2320	iexplore.exe	32
PID 2320 wrote to memory of 2736	2320	iexplore.exe	32
PID 2448 wrote to memory of 2108	2448	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe	33
PID 2448 wrote to memory of 2108	2448	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe	33
PID 2448 wrote to memory of 2108	2448	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe	33
PID 2448 wrote to memory of 2108	2448	dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe	33
PID 2108 wrote to memory of 960	2108	cmd.exe	35
PID 2108 wrote to memory of 960	2108	cmd.exe	35
PID 2108 wrote to memory of 960	2108	cmd.exe	35
PID 2108 wrote to memory of 960	2108	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.2127.cn/?newth3
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2320
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2736
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ping 127.0.0.1 -n 3&del/q/s "C:\Users\Admin\AppData\Local\Temp\dc190ebf11914c98b36de1324ad2967c_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2108
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1 -n 3
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url

Filesize
194B

MD5
9018fcca1506b6e9998cf9483068765d

SHA1
ca7297f37507501b783b9384597b95f7a77e2602

SHA256
6589fb51a3d3c0128ba11a27383ef8f4f4a76d87e343a022555e1b8c63b76de4

SHA512
0811dd3febb468711702e15a32ced2f1bc29441cde1232f3f02f2c6f8e973aa550b32ebd0e097e3d9bd703e7774ab838daef9e126369ab7f4e23ac8613f2fdab

Download Submit
C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url

Filesize
134B

MD5
25852a9ccf176fc455d9752841d27114

SHA1
d7f298bd5fd616e0ec0778a69024d21653c83ef4

SHA256
22dd6f2b0ae0e373796457a5414a3535367a358f531d07bfd220f1f36213da02

SHA512
eec5fb3f9fb14e6bcd27b42165842a250eb0338085c054bdb00162a0e11663972764e07e8449a288a9b641dd5f3d2d11216f788b4f5676f179748dc1e4a24683

Download Submit
C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url

Filesize
142B

MD5
c931fadca55f88e0e5edb7552c4b1ad9

SHA1
aeec96c72c7db3ae94d25369e8ff73745af6cfb4

SHA256
93e8c38c6d5286c7922be4944a87787aedca8d5c9478e4f89c4fe1de7371b710

SHA512
a5c95e5a1236a9eb3bed1ba8cfd99c48516ad30ed28bcb1453928731c3e4ceb68cca61a4d1122a5c20717a539e3ff98fe86cd555216e4bf368e537b2927296a3

Download Submit
C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url

Filesize
82B

MD5
d8b0997d51b69f071b951de35a1f5f4e

SHA1
c0f634151c7c70c0d661d6e36e3298571854239a

SHA256
69bf159c06d52670174336c3a229afd1e3342fd3a25666fdd4617fe211945fc3

SHA512
d03b46f108e0da4bc800163fd60108d1f96cec69119b623e29c83a97d33bad28b7428f47a05cc65b8058cedf536fe1c35d9db6c1c6125abcca4d9d9d724ccbcf

Download Submit
C:\Program Files (x86)\TheWorld3\2\【网址导航】.url

Filesize
78B

MD5
15a0dfd6971a548e27da0e9e081fb20c

SHA1
d4e96db0a1f75cb170db214d2a3bc837d8cec84c

SHA256
0301c5ca25bf7462637537ec02af8d5e59d573ebdf783568b24cd7048e283589

SHA512
779392917f82d8517ea4cc0c48ffac06e20a1cdf6950ec170600cc789305eb9669559c67a097150f40d2fa676e41308abaf07a5e58f1994ccf6988477f4214b6

Download Submit
C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url

Filesize
134B

MD5
57efae2fa1413b359aa55ebf818d44e9

SHA1
a25ed510c0de2b7d714c20fdac23db9c1c5f4128

SHA256
bbcbdf46a55af3d1511f0b2d52939213810d2b9c0c54d073c8d09429961b88b2

SHA512
3a3a4074db5d4a3af95cadc3da8751012993d6c011de49f628dbe45a13d3cb8dae8278813eaed57b8e071df97560d05270ea3116b28e6d0de6a4d75fdd9ebc9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\在线网游.url

Filesize
190B

MD5
f48866be4b9729453057af8c2de8cb84

SHA1
f48cb381e5baaf598da3f464836ab7ef628b0710

SHA256
b0cab2c945158a89985a9d5b77704fda9a7495858ca5c7ebaad5b524f303861b

SHA512
a1a4caa9fcfe83f9eedfa7e435229e32c5d3574798b59700591e756a5aa2eaf2f67943b467e47088c685d078dba6eda30e7ac292068557fdb7f5316ff47625ea

Download Submit
C:\Program Files (x86)\TheWorld3\2\实用查询.url

Filesize
78B

MD5
05f923433437db81afa7a2b19d3c6f51

SHA1
19b6b8a548c430b1fca8a214874d67c3915bef85

SHA256
ce2c4d2b876cdf11b707f79b45b891f674025f421b6e8c99c40509e849c67e68

SHA512
dc431b7ab359ee1d1147c2272461b0dc0b8f41bda55d8ec4f4e3d896013121bd88c32898a844494bdde8a37ce7823b49dfed3a31625d8b006d16e961d462ed17

Download Submit
C:\Program Files (x86)\TheWorld3\2\家电商城.url

Filesize
126B

MD5
f847c2a7d92d221480d4577b5f4a02f1

SHA1
287d2ed6b93141516651fd902394afe0ccfe8c5b

SHA256
4d097096fdbba3ed61c35598bb26cb66e407dad48bdd9cc6f630f272bf0b318f

SHA512
191515b24148a710f7d2ab6187005be0a09ae9bce72507d963411234b36458b5de9dd935818460a6af4d121c48aba7dc082bca23a06844948d3143ef0b858e9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\淘宝网.url

Filesize
145B

MD5
73e9d1a5c85a6d17cf6daf1a29747d68

SHA1
80586a1a5420d56f65e37d0b1b0b7c2faf19a79a

SHA256
9f4bcaef43c584c99aa48042285b3f744ee9eb1afb934bf2864759543819fae9

SHA512
0a68b2230fccb66814b5d85fa79beec4b633361e1273499417cdd9676320398c6056d2b95500e1191b467bd2f5a462f1cc0bc76ccb4e11120fe0cb375d3040ca

Download Submit
C:\Program Files (x86)\TheWorld3\2\游戏下载.url

Filesize
81B

MD5
cf8565c8ae2227e2405d6dfacaa04879

SHA1
471aeda36ba5044533b24886189e68e43538f01d

SHA256
4a1dd24faf80eda60d1f60e2c84a727e20be9b4aa6b032d61560ffcde73e9b44

SHA512
654fb592ddcd92b1979fe89edbfa6c228a757d52acc0afb49d4e2177bd0c3697a67eccf1da112340d02f240ead4554b01cd8a2ce13173d0aeef14f2526c4fe53

Download Submit
C:\Program Files (x86)\TheWorld3\2\电视直播.url

Filesize
184B

MD5
de76ed786e20dc35d1462da506355f6e

SHA1
f302c494fe862e046c39482ed5e698450c1771a5

SHA256
0fd9332ea18b83e7f313cc3960010b10fa4f1d1590f8f5ef75254d8ce121c9ab

SHA512
9261c8983f319210df9eb5c7439d79547f47f74218683d3d43b8a8a660925bf5a9b4415cb15011d7dd6732f56ee20596b465faea23a4cdc7e873b656bbb0a65e

Download Submit
C:\Program Files (x86)\TheWorld3\2\百度.url

Filesize
141B

MD5
78412d08796c909a0853a1dd18ccd586

SHA1
ceb2d947d41df77377aae60ab559a304fb405b59

SHA256
7e03a4aba9fe8f15abede66b5ea190ef7d1c16e200b342a7b9dfd417545150f2

SHA512
3beca38f6f757b3df3d7cf836ffc996e8a713df809fc5cad3f81363991943123acf55656c767b898b025760d0f113d53a1211c231332569f2027bf4f4b59e119

Download Submit
C:\Program Files (x86)\TheWorld3\2\系统下载.url

Filesize
183B

MD5
e321c8319ae133844943486b541461dd

SHA1
8e18a6bdb999a036cd407521e64ada293c0e61b6

SHA256
8d1dc50916793e02d99602dbbbcba6fe43346521ec8df4cb83a2399f0f7c684e

SHA512
cd0fd9fd5082c20045a43b8904d3c4a196cdd5f977bca7c6eb71f4968bf0d9b91eb78dc7aabd4162f28706312da78ba435e01d4412ca02fe3a83decf373a3b6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebc83261c70c312867b5cbac847f6429

SHA1
aae65adf900001942259a22ac049e1eba2d4cda1

SHA256
9fa3a6a417663ac3d7887166728fb7700f302a7a5656c34b428beacbaa3fddc0

SHA512
f30589c11055a71f7422afddbf3422f84775efa4859621c52dea5d430c2c4f68d4dad5687bbb1c722b31c288eaad7ad9b70e0a12036016b6229771021252a66a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61618d40dec8977e2c44deeaf1f2e9e0

SHA1
c670862164ce364ace0bcac1fa254fbe518f8506

SHA256
d81dc4eb570e3d8e8433b524f7d6102339f903af55a3c8442804b0186cdbb84d

SHA512
53f1c8717b3f6bba136522231038cc804b88130110203affd029e5248434f6a2bd3855fa956398e74b1c7ea2e0b08975c1d1bb4b8fe0e8415efa3db46143ce59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c16ad67ac33507e009fa1febaabfc34b

SHA1
a140fca984051a06bc918aa06d17d604e1c3c1fc

SHA256
d3770763b8a99c1853ef7ae3c7eeacd348c35218df11e369ca7f3abcbc4c65d0

SHA512
c020ad9f583e0b58d9722b5db046d150d6d7ec5fbb037c9ce9f0c74389293d14a7ae935b9061b44a09240bb3925db77d44931dc5732903d136876d2319e4b4a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b74b02dd52a4aa06458c33cd3b69e458

SHA1
89d8658df5592a64a3b75ce6bbff193931787fdc

SHA256
3b826b029abb3c784227d31615abfbb6df22282ad1f9ecd35a35bddc215b2432

SHA512
0e604768cccecf45895c647e6befd61c748b58297cf824aa049d32eb99a579153e519917470ff9131e413bfa108d9d9ff5384a5f610797f6cdfdc430bf4dd642

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b348a380db3d1030afbd93f99735f92f

SHA1
3d16b320a812a41f724291492ebdb9cee4dc2671

SHA256
a9964cae0d89e4e0b1bcf9f70ec537e0532401d08ee1ca122bcabf5633883a02

SHA512
117f24ad31e61185c3fd5968faa8664e1a8b6e1f824a73f8ccd11957b92d13274a87c0f9d9f4189f30134f69f5a647bf5baa2f4affeb7ce69253be06c536633b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
747e70e5fa6ec9acab115f1ed026d8d6

SHA1
eef2368e0cca87466f56435a4f96a9309b551509

SHA256
f41ce4b65f5d1950767db73f537d2340e1e1ded3b747de3c6887b1631f19e83e

SHA512
cc847cc7089473fbaa0630cd5c29b488567d79f8daab9c11efe7f950e3cf54731a7cf05b73d17bf07e238c9b40ee6f076775728420bbf8df5e8f508ed66816ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9da13bf80860c08cf152713cb51cbfc6

SHA1
5aafea244d9a3950950334716d2b257b0e2131b0

SHA256
7bef3695ea324e51dec109bb154900ce3915a5578ef84561f3872d1a16c2d165

SHA512
6e4b7721e1daa09bbd59048b6e4efbaceca5903276d962e7ab84541afb73373c9d06127f992ff004dde6c47ae0b23aaaf088c34a52a923e620ecc7d2540e5cc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9b3fd80d80ead3dc0958c0af07c9094

SHA1
8515c648c15d4b3caa83107fcc65772874772dde

SHA256
a833b909d0b058f63d7941eca55467ca3dc0cc8d2f645cc6b1e95d5ff5b26231

SHA512
dd2203ce479c1de9752c99a6ee729dbe88a899e9b944a1fd3c1bd57e0c0ae52b31cee8af782dcf9d32945031bc837023f3add7957117c1f2c8ef92dcbd5d750e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c61696fac338bd6682a3663a7c898d5a

SHA1
19d83c2524a54b293f1fa3d1c71701fc97df822a

SHA256
1ff17afebb13475843771cd114c67c03f4666dd3b720332301ee574108865e67

SHA512
c6edea8771c772ba054d4c5d57e6b29491fad777d4be035e7fc05b079fe4b3e5a0ee00d9ac7869595bf53341b7e4e9a0cb0fabadcd18c55941c117a61e5d41df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80f8611eaab59071b1a9b5bb68dde923

SHA1
742c914d43c36e1b3d3f93d37d16c95f4955bd04

SHA256
edcf75cdd62bb2ff068af6cccc0ef8686ac05da5c87b50cb83b2ffcb47502d09

SHA512
696185918fc24b59b72208786823656ca5594d3097cf2ec5163a6087bc2beccd65354f5de0eb95469b438116d97339c99d45186533c3f12210ae82c1ca604b64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a20843ab620a0827d82ae1bd5b170929

SHA1
b4f809aa2474ba95c5921e489cbcf847d667ac2c

SHA256
17e6a91c763bb0564237c8022d830085551f88b66ab8dd173e34266c2bb2f140

SHA512
d68019a29e8f3183ab185a7df95f25c331a95ae7316205637df399b393f4fbbd13acb1757ebd73e4a71f72edf661e91c88fd13107b2d61f83e81bd9f304222ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d972b32f6626b6233c0462f29ce3a9c5

SHA1
7b9475e744cd1a2714bbf6b761b8402b67ff8f27

SHA256
693c3f5dbc1bae28c74312f8857441677479b2e8607e79a44c4deb2519016838

SHA512
4b7df0a6dacf2e03dd36e8e9d1b70141a2a9954a759f112e12cacd30a03377dd640f2d505a0d937efd1b6a37595f700a2118dad9fcd57838aaf4abe893bc7d59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1282e96629dd8f28f935acbbf675ef73

SHA1
e64327f2acf6a096f67aa9e83f96595d4fca9644

SHA256
4a669c5ab1d336cb825c1a91ccfb1a1b6890d211cab85b709c907aa9769e52ec

SHA512
8d47dfdcdc6774c6478c39f51eb39193753fdfaa1ba83cd92a855d8bf61ac83a490cfc5223af561c7aa249933356c3906c561b96d7317c82e1f0db72eb3c9736

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55bc397efe930ff0a6e0c28b04f69852

SHA1
3dfe757d0e0a716135709433e361be5c49ab4f78

SHA256
9f0955077c067490a7d3c6903a8dce0f13e8049fd07a1b8c2395ab32a328439f

SHA512
6c0decafa795176ed9dea869cdd4e54b67722eaed8116db83e3d318c7b4ff2881e4d5c5e600590b64c0200989ecda24fc1c7edf4ecd613b16560ef4adbdc7435

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03fb8a004af84f221ab90e125ebf6bef

SHA1
3186013f8762622bb8712f2105965caf5d04f024

SHA256
6e33796ac3cd1cbfee2ad8caa7aa32c43e2d50d6409d18b8b477c534a8d2846c

SHA512
26617f66e916e1fadc10cba8f7b15f186ffda7be9ea437cc371f14c47283d5575b5f8ccf29885280ad3e29de9a55bf78cb92036c0d596fe87568d6d9ae679484

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28c1db7ce9df2d89b404afda1683a9d2

SHA1
b8d030eaa326abfc4d58ef4ded459643cfcb949a

SHA256
0e9ab1d0e27f68f6d07804d3937b1c09b8a44f82a3da277b2d68dc85ef82e590

SHA512
181ec72d7e23b939acbb6d45dedc7c361a3be4ccf81a8e7ae257443b8db5396abdcd9e2bf123d5f5b1977ab816d8b859edf4a250c4a3cade0e0201b104fa0557

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6895ddb6010c43f1b2f168bac7b916c9

SHA1
66d75a7eb5465011213e6459bc090f6296e5cc13

SHA256
43d2f4ae031a4ddd27ee5ff1f57be98016a3114392779b3ca93ec3d35b368821

SHA512
a768eafbdd7547cc5a5a8fb60246ea10ce7786b79c79d0b4f81faedcde5d036ee57cac7bc45d8fa151942dc3c7e0337b3dc9012078a9e55b420c7569f26be8d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e84be05879fdb1eac6a71e3d8c9f6c31

SHA1
0e8f700ce5c3c1cb316118965f179ff0d9ed70ec

SHA256
2e63f41ec438c0ae8fb6d25be24284ab02a1a9b647b44ea140256897c7f38750

SHA512
4167748250d38807d000dd8997d64f5fb4864de0a729f490ea4949fc1d4d3465e1541db81fd55327f8862a0d2fb7631c48ed40ad080e61c5ded1c4bf458d1da6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1140a2d595ed4669e99ec25d02f4ccdb

SHA1
1383cc731ea85cd9dc7b407870f138ba254f11f4

SHA256
836973daf0e554723bf225cac63c5b79477d717486307d1f81f1bfd951b99bd1

SHA512
14e19bf5a18e16cae412207fb4cea629aa7b67fa2c977e1dcea0dc5d10ef42d8e16774a9b3b2c81f2653ee05b23788f9bcdc8a2e817cbaec94761722120b43f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
061b96fe8f3aadee45c51aeec0d2a32e

SHA1
38fa898565bdc86c1f47b9fa1ca12ab2c04baa86

SHA256
e7aaed8b810649ec1a7d51c3c9db1433b3b1c03439599bdedfaf3e65a389f1d9

SHA512
a1e56a3bdad0e40d3fffd62c4bd4cdc7d414ecab73bc210e8fcd0b8a1c1cb9b0b0e80fafd17aa079fc2f8f623ba6b8559b80b70a53a4491533a1cc966a7fd73b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23e92598fc1b5a3451865d245e9053a9

SHA1
ec8cba73d94e0b12f01aaa0f35861c3797ec461e

SHA256
88964b816a7aaf77b49a04acdc45be07ca3823a7aa3233969fc411a32fa863cd

SHA512
c1503ee2c59b9002b830c07cf642fb0c6ed9446b2c343dbba32a8cc22558eee98fe505b7da83b9fb4daf87d82286d57bc954b5d061df5fe99589a687085d3d11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab570.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5E0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\autE34C.tmp

Filesize
192B

MD5
531afa31e63f4340844de937716019eb

SHA1
7505578b1384caea8bd7cca0e0e4814c65b98453

SHA256
6361d0896bee3569562d2add5b93c8e1cd6250acec04206e219abe598c78326b

SHA512
b272598cfa49b8d4c7ce6fd32a14a64d6e1554ff1654f629d35311bf40377065d578c12745052ae9a889e5d7f798a73413273b027ab43140041c1ebdd0afa2a0

Download Submit
C:\世界之窗浏览器.lnk

Filesize
1KB

MD5
e1838bc99031aa3c2e6c73e962c20a3d

SHA1
ae917973fcbfdadf1c02b3fa6fdde9ab4083ce13

SHA256
3b9a8db32ae7a4f3b21544ff59b82c6eb3c57e72d4e7f6b0a668638227f8f525

SHA512
6f53af40415247cb7f2c5d683a5a58e1f5100872e797d8c0b6904a2d1156f7ccf5f1190295fa597268bcf95217b1e0b5e901e99fc2e5fa0074c6d78702a29b3d

Download Submit
\Program Files (x86)\TheWorld3\世界之窗.exe

Filesize
1.4MB

MD5
a521d52d7bbf6db44d9844be3688b46d

SHA1
16a01f91c58b75b6df32aad260a577d813ec9724

SHA256
35941f051fcc976d78300d1eb177a9e1342904f09adca7b32036373eb10392f6

SHA512
5958f686525234981402f7ce127e5f8601e8353ea9f848aec844c757391f48c43f1e5f27c4ddcf9f1def3108058db972a8053699635e494c181092545f4da66f

Download Submit
memory/2448-0-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2448-176-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download