f1307cbf493963b94a1b4c084de1f2cd6f3a647950facbae8c02b37d457c4e77

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 04:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
Size

1.0MB
MD5

ef111d2c52ab18ff644381a1a1390d0c
SHA1

43090366a00fc6265277c131cd0d22c66e7b5fe7
SHA256

f1307cbf493963b94a1b4c084de1f2cd6f3a647950facbae8c02b37d457c4e77
SHA512

66101af72f29cafaa37d3c8f8eaa9acc4b237fd0b0414785dffd816ad9252d17e906dab4802ae78d52c83dab3958544d413a22194392fb65687e410508723120
SSDEEP

24576:yD3euKmLCkWZSbcHTrlQzSraIKu78ThO3pEUaUTV4s:E3+pFnHXLaI8KaUT

Score

7^/10

discovery upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
320	cmd.exe

Loads dropped DLL 1 IoCs

pid	Process
1304	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1304-176-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/memory/1304-0-0x0000000000400000-0x000000000049C000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/1304-176-0x0000000000400000-0x000000000049C000-memory.dmp	autoit_exe

Drops file in Program Files directory 44 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\世界之窗.exe	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【淘宝特卖】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\家电商城.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\百度.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\淘宝网.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\百度.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\360\360Search.exe	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【凡客诚品】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\在线网游.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\实用查询.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\世界之窗.ini	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\favorder3.dat	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【当当商城】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【网址导航】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\系统下载.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\电视直播.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\系统下载.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\世界之窗.exe	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\favorder3.dat	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【网址导航】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\在线网游.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\家居玩具.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\KSafe\cfg\ksfmon.ini	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\实用查询.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\家电商城.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\淘宝网.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\游戏下载.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\家居玩具.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\世界之窗.ini	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【当当商城】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\电视直播.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【凡客诚品】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【淘宝特卖】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\游戏下载.url	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1300	PING.EXE
320	cmd.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000db239471aa43ce38584ec9b0dbd6e9be4267afc0cece1e6329e796a3bc012279000000000e8000000002000020000000c34d96f3ec9ab62503fd6d81bd5c6ac24caa99912d76dd3b7cdd16ae3248a70d20000000a1fa4a9085195b2b31d5eefed4f1ac0f2ec5c47547400cd403419e224aec505e400000005093e931740a19b1c8dea8e4061bae5863f35317de679ae2bb7786e45d79168cc957df2add53039ddca768b645eac2e2b725d042ee4cbe7899b3980327d9c759	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf6000000000200000000001066000000010000200000009e906ab59639560702691f310830e8a40d767ede71378ceba4b5a525b7436a43000000000e8000000002000020000000e36d814f77b3bf44106085ba6c261001984e8108158f25fd4ff7af216b083a4990000000af1505de7dfdc655b5cebaec6366a86c99c79446a26e164af7166903fa3078c5114c76aa099c695bf0e5fca50cfe4456f102c81fe1186a8303f66b3d6535b4473ccebf03a780cbb9d74a4a191307aa34809782687d0a9181093547cd39ff0f5b822fb4e6468bff23574f6c16672903ebf94ec94a858aac9d657d0f539a795e0be95249d1ccd286b8c40db5584cce6e3f400000005fa297636a05ce954ab2da04ba9f0aff6415bb1d15c79029add4cc1a51ef029c5cba2e50c247b62cc854f94d4fd0cfa6d1deedb379ec746672f8b0a870e3ee2c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0bb12c0de0bdb01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9A50131-77D1-11EF-A6EB-D60C98DC526F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433054759"	iexplore.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1300	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2312	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2312	iexplore.exe
2312	iexplore.exe
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
1304	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
1304	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2312	1304	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe	30
PID 1304 wrote to memory of 2312	1304	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe	30
PID 1304 wrote to memory of 2312	1304	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe	30
PID 1304 wrote to memory of 2312	1304	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe	30
PID 2312 wrote to memory of 3044	2312	iexplore.exe	31
PID 2312 wrote to memory of 3044	2312	iexplore.exe	31
PID 2312 wrote to memory of 3044	2312	iexplore.exe	31
PID 2312 wrote to memory of 3044	2312	iexplore.exe	31
PID 1304 wrote to memory of 320	1304	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe	32
PID 1304 wrote to memory of 320	1304	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe	32
PID 1304 wrote to memory of 320	1304	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe	32
PID 1304 wrote to memory of 320	1304	ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe	32
PID 320 wrote to memory of 1300	320	cmd.exe	34
PID 320 wrote to memory of 1300	320	cmd.exe	34
PID 320 wrote to memory of 1300	320	cmd.exe	34
PID 320 wrote to memory of 1300	320	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.2127.cn/?newth3
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3044
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ping 127.0.0.1 -n 3&del/q/s "C:\Users\Admin\AppData\Local\Temp\ef111d2c52ab18ff644381a1a1390d0c_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:320
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1 -n 3
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url

Filesize
194B

MD5
9018fcca1506b6e9998cf9483068765d

SHA1
ca7297f37507501b783b9384597b95f7a77e2602

SHA256
6589fb51a3d3c0128ba11a27383ef8f4f4a76d87e343a022555e1b8c63b76de4

SHA512
0811dd3febb468711702e15a32ced2f1bc29441cde1232f3f02f2c6f8e973aa550b32ebd0e097e3d9bd703e7774ab838daef9e126369ab7f4e23ac8613f2fdab

Download Submit
C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url

Filesize
134B

MD5
25852a9ccf176fc455d9752841d27114

SHA1
d7f298bd5fd616e0ec0778a69024d21653c83ef4

SHA256
22dd6f2b0ae0e373796457a5414a3535367a358f531d07bfd220f1f36213da02

SHA512
eec5fb3f9fb14e6bcd27b42165842a250eb0338085c054bdb00162a0e11663972764e07e8449a288a9b641dd5f3d2d11216f788b4f5676f179748dc1e4a24683

Download Submit
C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url

Filesize
142B

MD5
c931fadca55f88e0e5edb7552c4b1ad9

SHA1
aeec96c72c7db3ae94d25369e8ff73745af6cfb4

SHA256
93e8c38c6d5286c7922be4944a87787aedca8d5c9478e4f89c4fe1de7371b710

SHA512
a5c95e5a1236a9eb3bed1ba8cfd99c48516ad30ed28bcb1453928731c3e4ceb68cca61a4d1122a5c20717a539e3ff98fe86cd555216e4bf368e537b2927296a3

Download Submit
C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url

Filesize
82B

MD5
d8b0997d51b69f071b951de35a1f5f4e

SHA1
c0f634151c7c70c0d661d6e36e3298571854239a

SHA256
69bf159c06d52670174336c3a229afd1e3342fd3a25666fdd4617fe211945fc3

SHA512
d03b46f108e0da4bc800163fd60108d1f96cec69119b623e29c83a97d33bad28b7428f47a05cc65b8058cedf536fe1c35d9db6c1c6125abcca4d9d9d724ccbcf

Download Submit
C:\Program Files (x86)\TheWorld3\2\【网址导航】.url

Filesize
78B

MD5
15a0dfd6971a548e27da0e9e081fb20c

SHA1
d4e96db0a1f75cb170db214d2a3bc837d8cec84c

SHA256
0301c5ca25bf7462637537ec02af8d5e59d573ebdf783568b24cd7048e283589

SHA512
779392917f82d8517ea4cc0c48ffac06e20a1cdf6950ec170600cc789305eb9669559c67a097150f40d2fa676e41308abaf07a5e58f1994ccf6988477f4214b6

Download Submit
C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url

Filesize
134B

MD5
57efae2fa1413b359aa55ebf818d44e9

SHA1
a25ed510c0de2b7d714c20fdac23db9c1c5f4128

SHA256
bbcbdf46a55af3d1511f0b2d52939213810d2b9c0c54d073c8d09429961b88b2

SHA512
3a3a4074db5d4a3af95cadc3da8751012993d6c011de49f628dbe45a13d3cb8dae8278813eaed57b8e071df97560d05270ea3116b28e6d0de6a4d75fdd9ebc9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\在线网游.url

Filesize
190B

MD5
f48866be4b9729453057af8c2de8cb84

SHA1
f48cb381e5baaf598da3f464836ab7ef628b0710

SHA256
b0cab2c945158a89985a9d5b77704fda9a7495858ca5c7ebaad5b524f303861b

SHA512
a1a4caa9fcfe83f9eedfa7e435229e32c5d3574798b59700591e756a5aa2eaf2f67943b467e47088c685d078dba6eda30e7ac292068557fdb7f5316ff47625ea

Download Submit
C:\Program Files (x86)\TheWorld3\2\实用查询.url

Filesize
78B

MD5
05f923433437db81afa7a2b19d3c6f51

SHA1
19b6b8a548c430b1fca8a214874d67c3915bef85

SHA256
ce2c4d2b876cdf11b707f79b45b891f674025f421b6e8c99c40509e849c67e68

SHA512
dc431b7ab359ee1d1147c2272461b0dc0b8f41bda55d8ec4f4e3d896013121bd88c32898a844494bdde8a37ce7823b49dfed3a31625d8b006d16e961d462ed17

Download Submit
C:\Program Files (x86)\TheWorld3\2\家电商城.url

Filesize
126B

MD5
f847c2a7d92d221480d4577b5f4a02f1

SHA1
287d2ed6b93141516651fd902394afe0ccfe8c5b

SHA256
4d097096fdbba3ed61c35598bb26cb66e407dad48bdd9cc6f630f272bf0b318f

SHA512
191515b24148a710f7d2ab6187005be0a09ae9bce72507d963411234b36458b5de9dd935818460a6af4d121c48aba7dc082bca23a06844948d3143ef0b858e9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\淘宝网.url

Filesize
145B

MD5
73e9d1a5c85a6d17cf6daf1a29747d68

SHA1
80586a1a5420d56f65e37d0b1b0b7c2faf19a79a

SHA256
9f4bcaef43c584c99aa48042285b3f744ee9eb1afb934bf2864759543819fae9

SHA512
0a68b2230fccb66814b5d85fa79beec4b633361e1273499417cdd9676320398c6056d2b95500e1191b467bd2f5a462f1cc0bc76ccb4e11120fe0cb375d3040ca

Download Submit
C:\Program Files (x86)\TheWorld3\2\游戏下载.url

Filesize
81B

MD5
cf8565c8ae2227e2405d6dfacaa04879

SHA1
471aeda36ba5044533b24886189e68e43538f01d

SHA256
4a1dd24faf80eda60d1f60e2c84a727e20be9b4aa6b032d61560ffcde73e9b44

SHA512
654fb592ddcd92b1979fe89edbfa6c228a757d52acc0afb49d4e2177bd0c3697a67eccf1da112340d02f240ead4554b01cd8a2ce13173d0aeef14f2526c4fe53

Download Submit
C:\Program Files (x86)\TheWorld3\2\电视直播.url

Filesize
184B

MD5
de76ed786e20dc35d1462da506355f6e

SHA1
f302c494fe862e046c39482ed5e698450c1771a5

SHA256
0fd9332ea18b83e7f313cc3960010b10fa4f1d1590f8f5ef75254d8ce121c9ab

SHA512
9261c8983f319210df9eb5c7439d79547f47f74218683d3d43b8a8a660925bf5a9b4415cb15011d7dd6732f56ee20596b465faea23a4cdc7e873b656bbb0a65e

Download Submit
C:\Program Files (x86)\TheWorld3\2\百度.url

Filesize
141B

MD5
78412d08796c909a0853a1dd18ccd586

SHA1
ceb2d947d41df77377aae60ab559a304fb405b59

SHA256
7e03a4aba9fe8f15abede66b5ea190ef7d1c16e200b342a7b9dfd417545150f2

SHA512
3beca38f6f757b3df3d7cf836ffc996e8a713df809fc5cad3f81363991943123acf55656c767b898b025760d0f113d53a1211c231332569f2027bf4f4b59e119

Download Submit
C:\Program Files (x86)\TheWorld3\2\系统下载.url

Filesize
183B

MD5
e321c8319ae133844943486b541461dd

SHA1
8e18a6bdb999a036cd407521e64ada293c0e61b6

SHA256
8d1dc50916793e02d99602dbbbcba6fe43346521ec8df4cb83a2399f0f7c684e

SHA512
cd0fd9fd5082c20045a43b8904d3c4a196cdd5f977bca7c6eb71f4968bf0d9b91eb78dc7aabd4162f28706312da78ba435e01d4412ca02fe3a83decf373a3b6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23eed201b2f967e3fdea036655e8d6d6

SHA1
1caee69d5161fd522e181b11d2cd1413e66df4b5

SHA256
8cdbc874c69a951f5e999bca7b5627e932fd8625087ca71d1ca229cf0d4fafc2

SHA512
330bf4c4d3722c1ebfcadf6de9e25745a5046578a3d6e5b3761e37dc8b0d2e78de88223baf4f8d6b44e8804e394ac7831bd8c8461c79be539ed992ee6e7ec431

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f525360c1e163f1468ab74550c52f9d

SHA1
6fd95b455b733e5566f1ef573c0902f3147925c8

SHA256
62c9507062379ce386277fa807519354f55734a43b8e13c5bb7f49e31741567f

SHA512
4dc5066343d2a2014e3de0eb353ff14dd36041fbb08b1aa37166a10cf0697ff974e908542e4f2eaefc3e8ad09b42417199837858082a44767dd69bab358b5328

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14392be1649cdd3a8c7d8698a9be82c0

SHA1
ef8e891c169ce5b9c27fe8d8243dffef2cc737aa

SHA256
e5f6b3737754a4bcf7a17383db22ff4f4fb6ddaf73e99f40a0b733f2805b4220

SHA512
504804e92dbaed0dd0f22f046f25a5a74b3db4d34486ba0be5653d97e7c426344b1194dd35b40fe490c9963d2457967dd57b2a375db445593b8efce0093eab56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00df67b8a6d65a59fdfa6cabac7f8256

SHA1
e75fb8302b639628a83b8730cafd7d1e46da4bbd

SHA256
0ece7ae56ce0829f6347968b4032801da22e3e54f7e80f06f11ee1b1cd1e1a3c

SHA512
1ad38d3109d8f24ff8dfa11bc79eaafeddf2be706ea77e4654628beed6d99abe2592e497e0ef96b8584e45d89cf9f782d777d432c66f15123f3244c67e844d5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00b7c1601f038369ad543127e10e920d

SHA1
159af0acb93b4e2454c4351af27000ffe3258707

SHA256
0e2080b611511d2aabb8825b52df380bd327ea6ff7e8aacac266d8bc6901df1e

SHA512
6ddace1b41f22acab91ade6b956f97cc80adab38b429dc7d7f029773c774aa1e521899a77c72093426891923d15446c29bef92e204384810531aecbe1bafcf37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e24ecb954feff27d0e5180262b486f3

SHA1
8cf307388297fd6038abd88a4b8dcc0ba7eddd13

SHA256
71cd713f99b5e17ec635079a788977c02feae385fd6060b430220cfe45e2e127

SHA512
9bfead149f85be8cc9e24d37d19eccb531084d97195e08d987077f67ca421ee6615fed28ecd971de74304ae11bf0ffdd71d2172b4f3b6403936f20c51ee9c7be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b39a4c0190605b6dbbed809aaa625eb2

SHA1
b6ee297bf65a81a5b7e5b130babee6195347bb4e

SHA256
d58d33c10f7d22753791699a9a86b8486d9f27302b36d923fd2c40bdd9d98ca9

SHA512
d3b7600e5978c0b2ae3bbab6df8d07fb7d1fec729e11cb1dba07bb691ff694eb811ccd2657ca40b1932c338c6e1f3cf35c29ef8c24292fd925f53197b6fafa21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b159ec28b3a2cf85f986c120328a633

SHA1
e4aaaeeed0ff9d24f3812f59b24e31bb0ce2ab37

SHA256
e2361fab192a0cd0b3fa275400f26c25cf5b75ab4cc510da00103f1f8088214d

SHA512
6f78914b8c9ecf6bf1025ef671f1cdcd8a949486932157e863f4a87bbcd42f201e2d7cb5364b694c6000eb0458569cc41291b44c43089d3868d811967d1a59a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21ff290560a74023548c69f2377c7c4f

SHA1
e41ecbcae3dca4fbba4c85c7ee51f378ecd31e16

SHA256
6304e15b6d0debf67cc2ecd7d1bd4b8e17cc86220ba6bb7391fc687de38d0d05

SHA512
dd5dc4976e6e0aa69c0bf04a55206533b3dbd559b90b567435cc2efb563a09b425c028be51bceda1caf98227ddf41203e07a1a3c99c0dac5e2cb0aa4e5a9e32d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1df5f39bffc8601420a032ae12ef5f88

SHA1
82fbc2618fdd243c94192c12da63c97b93a6bc85

SHA256
f93a141d10152cef893ad3707cda24d48438c8898360e644e3f981590aafd118

SHA512
2c26c8a917efc440747b1665485ea9b9f644bab585a0147015f262a782eb7fb40409e7e83df80204e3c5fd5d5109a9fd8d8e8dae5f30149f5337528002ea10d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81173b2740d03d85d8054ab1ea0fb9d0

SHA1
3aca68f579642ec267ea83337326c761b90498ae

SHA256
7fe7b162eb4c5b577d79fa2953e2e45a49c9b44e9e7e9969f18553006ef31a47

SHA512
3424f6197de2f552ec25c39ee0a423bb57e5599e3be511379fc42537376b8bad6a83467f09f8e6b45fb75ea5c18a4afeb0905e98b8576b561922dd6853d10bc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
131977a817bba834d8b1ac4ea58ab348

SHA1
7ef0dcf7bd50619afabe1fcace15241c54c629d8

SHA256
ffa6635b386520698f69994efd250fa38e3bde5ce9cf78d926ae35c955833f61

SHA512
d2572aab9068546c2972e55b5b771776d3902f23a28ee1de5f58770437a55cc91e649a40c74595883bda823d38fcc5b3417a62942458ff83f3ce77f9cacd5d95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05d9015cf99337b6a69be681d9f03ffa

SHA1
77e4c01f19e913b2e1792f78be95d23719cca7a6

SHA256
e328bf19077bcf23f3d01ecb86356525734460954cdd7466edf6bf504dafa8cc

SHA512
d043aa067b2625d40d174ce1fd758e01ccd5970b5b7c6dc6a250702ee4b1c1b103d46f41cbf1be62c86ff6f817b63fb54abc134f8d0659142b783ee18e6a8ae7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05d1fc8af1adfee75a897afbcb9b965f

SHA1
5e11d479b35e23ee6184f7a83cc03cf1872a369e

SHA256
e8bec43a5ae8e9c730bac1e00cfe1439a81e08ec00307932e7055c03eeaaee40

SHA512
e7d3a353c9f286b0a0368cd2cb14a95f4d0916003efb12ec34c0e14641aa89229a938950258cfccb2f29408871cdf5b10af9ba573934bc3236ba8a74690a28bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
143514fc2ca596e0a261ec0df27cd971

SHA1
4915b58fcbaa9503e40fdd07e3487b5db89f8f56

SHA256
f782f32d3efe8049407c7490903d4b33d548b2f5b9f52a590fb0e12f10dffcca

SHA512
53aca4375af55ef3a3eab02af5d60a5170f5da461562869f755f9380ed0d44ea07675ad00dcbafba5504616eb100f1a437e5bdbbdaf897051e6045b241c3ecdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cb60c4d26762b64e81b7c242ba768a8

SHA1
5a7f0588ad8c953832ef1992ef0e783f0a88a592

SHA256
70c4de0d3c23af2cafb2d6d4899c5efafe24948e16a7882de8ee7cca42ec984f

SHA512
b863a41b42503df527fdf269b8bd103edf7da8ebefc08d8200bad41d14d7b63fcd944a3168725059ab4d99924341aae844acd2781cbbca422cb495f44ba6e642

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f731d69ef573ce2725a64056ac926673

SHA1
1aff2055b703bc820f4b9568884b0159333c7529

SHA256
0c2cfdb1f400f87c2cc7d0fc84022925abeb550b4f40a3e73dbe7e0641a117c8

SHA512
c4508f653687858dd0bcee0e4d6b9f69384f63cf025e9057718c58bf2cdf8ae63fa11d2e256f58fb35f68caa1532298bd5bda309893a0ccaf99674715ff4677c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f7efb8b7fd9d73a47ff2ac82f66366a

SHA1
250548df2f002eb16af6ef8b25ec6e6d543630e5

SHA256
495f81e47232196f1b947b5a6ac7362654882d984c45186b98bd95af178d5216

SHA512
131ca11000147fb2218572977c7a08f28542c68231a60f3e4f6ecb1e06c14f6e5bd2be8c47460e958f01c55ce7b63f6d624835619166122882c20a1c7dfcc46a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a7fc4cef981657f9b6a30664e9fa0f0

SHA1
811559d95e9db472013eefc3fe36d53dcab4a1bc

SHA256
874cc109176be0ca0d9d990b0bebcc71ba44e1f051191016ae0ed269113b3449

SHA512
7bc71a54b306c884ebcdb7082a599944cf039f6eb6aa9fa05a242d727d948648748a8e34bdd01f367c3bb248c5838a2d5d2e607506082036c8d1113cb97f693f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA74A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA7CA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\aut8583.tmp

Filesize
192B

MD5
531afa31e63f4340844de937716019eb

SHA1
7505578b1384caea8bd7cca0e0e4814c65b98453

SHA256
6361d0896bee3569562d2add5b93c8e1cd6250acec04206e219abe598c78326b

SHA512
b272598cfa49b8d4c7ce6fd32a14a64d6e1554ff1654f629d35311bf40377065d578c12745052ae9a889e5d7f798a73413273b027ab43140041c1ebdd0afa2a0

Download Submit
C:\世界之窗浏览器.lnk

Filesize
1KB

MD5
a2347b485d9b2d19ee0c7bfc7e02d994

SHA1
4c69b470975cdc7492f845ef81251364ba734a21

SHA256
c9defcd32e881c0eec6bcf1e5c25c5d1e1e9f28d49c0047a22ec615525f5fd58

SHA512
7fe9bb1d85fbb7a6ea40937f4d246ad5afce304564f4a4bdf16fadb149f481c9e55079d39343929feb14a16aeee7948fca07eed06f46d972d7b41d1ea12e1551

Download Submit
\Program Files (x86)\TheWorld3\世界之窗.exe

Filesize
1.4MB

MD5
a521d52d7bbf6db44d9844be3688b46d

SHA1
16a01f91c58b75b6df32aad260a577d813ec9724

SHA256
35941f051fcc976d78300d1eb177a9e1342904f09adca7b32036373eb10392f6

SHA512
5958f686525234981402f7ce127e5f8601e8353ea9f848aec844c757391f48c43f1e5f27c4ddcf9f1def3108058db972a8053699635e494c181092545f4da66f

Download Submit
memory/1304-176-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1304-0-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download