6fe73da6b83cdae741cf3ff8d2f4e520a6f0449d1acaaa9e89be4f3753cb7abf

Analysis

max time kernel
95s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe
Size

47KB
MD5

41fcff694cc9bbb15613df9936ef4694
SHA1

5360d4b22ae6d6f15aa008db2bb95261ed6c9492
SHA256

6fe73da6b83cdae741cf3ff8d2f4e520a6f0449d1acaaa9e89be4f3753cb7abf
SHA512

9db5caa20256d56fb9397101a45867c21bc36a7c27c99b372b154d5e750e833a8b60d65937955ab2a4a425db4df72999527181b098f8fdbf2134ec3cd95fb98e
SSDEEP

768:x1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJ0V33rUKimChnyV7Pe4pcYd:fQpQ5EP0ijnRTXJ0VHrEmCpyVF

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe

Deletes itself 1 IoCs

pid	Process
1552	Au_.exe

Executes dropped EXE 2 IoCs

pid	Process
4220	uninst.exe
1552	Au_.exe

Loads dropped DLL 3 IoCs

pid	Process
4112	41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe
4112	41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe
4112	41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	uninst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Au_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023c9d-36.dat	nsis_installer_2

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31137201"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{6F3EFA64-89A4-11EF-9361-D2BD7E71DA05} = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1134180544"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab44cbc7ac5e824ba8748f8001f100a100000000020000000000106600000001000020000000dd9d62bc6f74918fc677ecb0ae97f9c154e34f2473c6d3e67e59b8d5323112ad000000000e80000000020000200000008ae15284c9ac88ee2d8823f103d69581856bf07da46234f80d8140a189cb365f20000000dfcde3e7bd3607b88ac6855064a7329701a36c22018e325e23d62b143546db9a40000000c523da045219dd5939b6f330b64deb6f2168457fb227395ab102149bb86ceb1cce50e945efd788cd02ca10e6758ff5442792c3664b3479cfeb8a6a0ba2f5c934	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e012924cb11ddb01	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31137201"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1136211479"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab44cbc7ac5e824ba8748f8001f100a100000000020000000000106600000001000020000000c40f33f67bad8a32556791bfa19c9fc1cdba607c280a697b49440d9969e65dc7000000000e8000000002000020000000b947080f8d020b108a02817143fa6f0969d68014f8d255e9067028089f13191d200000001a586af2977072926281d2d30fa58f016843d7324896f2419f42c4e3f90dab1a4000000068a203eb2c13114055f83093f4345ca92e36ff9fd9992c327f5455a589088749adcff9cbfb8b557e62bfefee60f5861557357c21d06f3640634955cbb2b3bb3b	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31137201"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b096a74cb11ddb01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1134180544"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435617455"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1868	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1868	IEXPLORE.EXE
1868	IEXPLORE.EXE
4168	IEXPLORE.EXE
4168	IEXPLORE.EXE
4168	IEXPLORE.EXE
4168	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 2164	4112	41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe	86
PID 4112 wrote to memory of 2164	4112	41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe	86
PID 4112 wrote to memory of 2164	4112	41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe	86
PID 2164 wrote to memory of 1868	2164	iexplore.exe	87
PID 2164 wrote to memory of 1868	2164	iexplore.exe	87
PID 1868 wrote to memory of 4168	1868	IEXPLORE.EXE	88
PID 1868 wrote to memory of 4168	1868	IEXPLORE.EXE	88
PID 1868 wrote to memory of 4168	1868	IEXPLORE.EXE	88
PID 4112 wrote to memory of 4220	4112	41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe	89
PID 4112 wrote to memory of 4220	4112	41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe	89
PID 4112 wrote to memory of 4220	4112	41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe	89
PID 4220 wrote to memory of 1552	4220	uninst.exe	90
PID 4220 wrote to memory of 1552	4220	uninst.exe	90
PID 4220 wrote to memory of 1552	4220	uninst.exe	90

C:\Users\Admin\AppData\Local\Temp\41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\41fcff694cc9bbb15613df9936ef4694_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://cpa.loadcode.meibu.com/down.asp?users=ok&°²×°Í³¼Æ
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://cpa.loadcode.meibu.com/down.asp?users=ok&°²×°Í³¼Æ
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1868
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:17410 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:4168
- C:\Users\Admin\AppData\Local\Temp\uninst.exe
  "C:\Users\Admin\AppData\Local\Temp\uninst.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4220
- - C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
    3⤵
    - Deletes itself
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9PMCFZKU\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7D60.tmp\InetLoad.dll

Filesize
18KB

MD5
994669c5737b25c26642c94180e92fa2

SHA1
d8a1836914a446b0e06881ce1be8631554adafde

SHA256
bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c

SHA512
d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7D60.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp.ini

Filesize
102B

MD5
547edaa55569d603da9b9f4b67fdb74e

SHA1
3c5c161afaa85cc5e68225eea88abb15a1928932

SHA256
89b5979ad0a627785563de6915ec8ca9f0be957f99264f27a37361bb32c1d64d

SHA512
edeef7af8f3d3091280ccf96d970f08a7d1c61e5efbd548c0b8d68930082093ab26bfba8eb4a8e377ebf300a89c530d389d90b9271ae625713c23b5ee1c422aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\uninst.exe

Filesize
32KB

MD5
11cc266b171797fee29484a788869fe5

SHA1
cdf477b7e5806489770171facf5cfb1f398edc71

SHA256
f58ea93b8ae34346580e011388efdc4e0175d5104455a4d963ff4359e53b81ec

SHA512
cebcb323108eca0ff28ecae978b5eae1654d42a8ec30f824a18cb151200d32e2d9b7dbc6a1977e30f0994c669567865501a5312aa34f1a26f11a19d0eb995ac4

Download Submit
C:\Users\Admin\Favorites\µçÆ÷ÆµµÀ.lnk

Filesize
2KB

MD5
7d9d68126952c1fd65942c01a8523881

SHA1
4c74d809e215e34cfe7205d96be92b9a7a5359be

SHA256
ce36a8fc52ce6aeb3f58692e51e9ab2fd896f3e41bcbcbf408d4ad32b598a45d

SHA512
dd8c0faad630498929c310a859209128a9996c96b2a66ec35c928fe0979136153f50a1a969498742bcedba89c7f34559b9ef439962b6a55dd58a7ad818dcd9a0

Download Submit
C:\Users\Admin\Favorites\¼Ò×°ÆµµÀ.lnk

Filesize
2KB

MD5
01176855f63b1c5039dbcac0d9a8677d

SHA1
754de6fbd957ffc7f6f59ebdd801214ea82603c7

SHA256
fd3db4146edbd10a0cdbcc711b5ae9dc1aeda0db9d65d873d8985a671b472c37

SHA512
12a7656f9395b310e28b25457883cb3dec61a4273749e4eb679ab44dc1fa112e5222297a6948e397bc90c6bc3af296e9c837d09a5e6fa49c75cfa6480f15dfbc

Download Submit
C:\Users\Admin\Favorites\¾Ó¼ÒÍæ¾ß.lnk

Filesize
2KB

MD5
e8ce6c688848142fb5b718e6cf9bef2c

SHA1
f3e8830f587abfc897db4a0f0398eee61a40c7c6

SHA256
a1121ec671f744ccfadfb79a2e35e5743cb527a914ce2710a3c26269729cc73e

SHA512
bdcbe0459ad21244cef3699ad83fe80cd8a368388fa3ae3b4974cda9c00373d99c672b6db49793b44bf157d19711cb8be2c55f5fdc40b7f7b60a50fa4edcf8a6

Download Submit
C:\Users\Admin\Favorites\ÃÀÈÝÆµµÀ.lnk

Filesize
2KB

MD5
b9f8474b9f706078853f7a96b4071688

SHA1
dafd2ab30b4d8bc83b5a99f3f017076885e0823e

SHA256
8fc1a44fb91614c5ddae151bd2fb07d62bb4a49bc15c834c303d8c258bac3238

SHA512
9ac0c4cb2f3931be9834ec9205d40e3dee00183202d71b8559746496fb69a56e34abfef07b52394ddcc1c2fcaab7a3f1898c16760e308ae5597688b76f2e8b42

Download Submit
C:\Users\Admin\Favorites\ÄÐÈËÆµµÀ.lnk

Filesize
2KB

MD5
22ac8ac575df9b3d9a62dfdc6b66fced

SHA1
f9a4d553699edf843b9e8e4e3f5ffb4fb6dac834

SHA256
27720eb3c76db093bdbb20c0bd1402bed9cbadf9c82ca396754a1e5ad1d86bfc

SHA512
46f551cce8d3dd3314c9a202846ad0d9bf6e5377d07ec294a77e53ed2eb599aa0c0b92c865b58a121d558ea6d08958ebdad84d2b5ce90a4e65327d9e5331b37a

Download Submit
C:\Users\Admin\Favorites\Å®ÈËÆµµÀ.lnk

Filesize
2KB

MD5
99fdee0082a99ef899b27b15ce77d490

SHA1
612fa14ff69bc8e4d15341f0ec400122381f8970

SHA256
4decb0921aa61c8beed0ec14379f6bec8532178e4db19c9f99c8ccdd48522704

SHA512
76a7aca4fa5eb63e8fb6f220158f5b8b9ccaa2472d804e9721b533e2fcfaac16b83f247e46b9c97654c9028ee90efd5e3b8de956bdee55cd532d4b9854846739

Download Submit
C:\Users\Admin\Favorites\ÉÌ³ÇÆµµÀ.lnk

Filesize
2KB

MD5
c446a92333512745e3efe417b2b03971

SHA1
93917247d4860c3334ac8e5317e6644c0a0d0e37

SHA256
e5281af7978edf703bc94bdfc2a757164a5ef3aa833fb1107d991a8afadb1c63

SHA512
dd86aeaf045c3c7112c28d4d3425655c487b90d67355e6159fb1239cbed266dcec97c5f5e326f95e672382010d31b486de48864e41bfa7094cc30f2ea506468f

Download Submit
C:\Users\Admin\Favorites\Ê³Æ·ÆµµÀ.lnk

Filesize
2KB

MD5
34fde31aac88acd15ceab67eb37f4bc1

SHA1
c8dae654e18e5b3477e627b2161c6c0ddb65786b

SHA256
c7030ab56ffb2e7cadfb05f4777a51b6ff2c75d2ed7b2ac01489869bac651dc5

SHA512
e70d46fdb3e66bc81681e322d9063d22040940aa77494868d079651e5561d1124f568b988599041ad4afc66d33cc4b1719902c2ff55c8056d9323723f025eae5

Download Submit
C:\Users\Admin\Favorites\ÊÎÆ·Ð¬°ü.lnk

Filesize
2KB

MD5
82954e7c99992c59440b6c6662c684ad

SHA1
ace6879cae19a950c13c062e0b5249b5a1bf05eb

SHA256
17f66e5a46ac4c69ea4247191e19c74cb5370a8b49cc4f7ae9bb1996a21cd18d

SHA512
0dc4e1639ca40b934d2ad0b622c104a889868c08a45b488d19cf21a849fbc812e748fcf3f797bac9062c8ed298177ed5cf9b9a36e5cdc8e03a5a8f45d5a9818a

Download Submit
C:\Users\Admin\Favorites\ÊýÂëÆµµÀ.lnk

Filesize
2KB

MD5
652617dd4e2da4630b5cfca87c5f1771

SHA1
2d1c7698bca736e00fa07da7b3c2e903ebfcb746

SHA256
2271ecec99a9e39ae1654186cbce4843795e9b469240010a7fa094f61ffd2a33

SHA512
ce0799aec0d72de7aab44f9a3e6dc86e601a2c86dd52e395d9c8d1f26afda3ce5d391144a61c5295260d90ab49223c972427b2ccd386001da5ea0cbfa62a3251

Download Submit
C:\Users\Admin\Favorites\Ì¨ÍåÆµµÀ.lnk

Filesize
2KB

MD5
43a9dd9677c9f63322f06fc51a39e6fb

SHA1
931942abaffd6e133fce7273541fe63109837e4d

SHA256
a8a5c885ef481520280e2f07ef03b70e9d4f84dadbf777e245bf43ceaf31b567

SHA512
36d0083d9845feca941324a2a9b91be229a8973fa75ff365d34acb53ed3d7bbff6b560c183c1db740cb4243d1825e566258ed82e1ec21fada8948c48fd9679e3

Download Submit
C:\Users\Admin\Favorites\ÌÔ±¦»Ê¹Ú.lnk

Filesize
2KB

MD5
9b1a3a6270bb7c43d07f8e720c2d04b7

SHA1
d263c49f2ff0d6105a34ac9b350dfcc436b382e8

SHA256
b3ed89e42a4b27db405fe51a6183fdf742a96c6d1a4d05ad6d6e798d1e3980cb

SHA512
77438fb3e81324ea595b5678458f95fce7b70eb6e7545964c4535ef9b4028ddb7e03a12ce8cd4e886ca7e508eac310d90eb3fb2f0b1b1ff73fd31becd32e8761

Download Submit
C:\Users\Admin\Favorites\ÌÔ±¦ÈÈÂô.lnk

Filesize
2KB

MD5
4f0f4779886ebc6c133d5ba431a3f7a7

SHA1
8412faeb3a5840777878689c157837933e02f42f

SHA256
e8342545238147d9821b7432deacc821e5414dda358724c252754d325c54922e

SHA512
92a6f3276fc8b016b275d4e1e8662e070db56d093b0edf2ef12f8086c585d836263a6d30c3c4c052e377f05c55385da223ae4dafa3b027ffbdea928c17541c1d

Download Submit
C:\Users\Admin\Favorites\×ÛºÏÆµµÀ.lnk

Filesize
2KB

MD5
e8ab9467b511efe599583205c662d4b6

SHA1
3f3fa3d07fe1e76aa2406e6ac94484b207b4b4a2

SHA256
f34446cf4585cd4db5dc145b6ce553206bcf576048f4c91628cd7cd43910d3e2

SHA512
e28270a5447f070c663d062bf612748fac844078d0bab884755aa74f4423e29115279d5cec72f85eb4992cfe7b95cf7cf81dbb72e3df86e07ef6e7de1f30735f

Download Submit