7a6c2787558600aca9a836e83593072fe54f9981b31792b9ea9e1c9f02492459

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

433d970910b60cf230e63059dd902387_JaffaCakes118.exe
Size

2.4MB
MD5

433d970910b60cf230e63059dd902387
SHA1

12fab24d955be94124d249ef71fb4b3ee8ae914d
SHA256

7a6c2787558600aca9a836e83593072fe54f9981b31792b9ea9e1c9f02492459
SHA512

aba8e51c1afc344be11eb01296c73792617357404c858f53765206dc8ccbccaa5e56f3ed44b5b6ba4182f3686434e0dd347072cc52218146e97691d9e44abb8f
SSDEEP

49152:bw1dILPAX8ln6aB4WP3E29V8S4Dhg0fn2J6Z2SLqFYziUk68yogVTpypN9C6vfwT:bybk6zVMNcSfJ7JpyXS24kxK8UF8/Um

Score

7^/10

discovery persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2524	jpdesk.exe

Loads dropped DLL 13 IoCs

pid	Process
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Windows\CurrentVersion\Run\¼«Æ·×ÀÃæ = "C:\\Program Files (x86)\\b1c5djpdesk\\jpdesk.exe /autorun"	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Windows\CurrentVersion\Run\极品桌面 = "C:\\Program Files (x86)\\b1c5djpdesk\\jpdesk.exe"	jpdesk.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1656-0-0x0000000000400000-0x0000000000462000-memory.dmp	upx
behavioral1/files/0x0007000000016239-70.dat	upx
behavioral1/memory/2524-127-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/1656-124-0x0000000000400000-0x0000000000462000-memory.dmp	upx
behavioral1/files/0x0007000000016485-135.dat	upx
behavioral1/memory/2524-303-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-304-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-306-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-307-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-308-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-309-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-310-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-311-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-312-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-313-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-314-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-315-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-316-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-317-0x0000000000400000-0x000000000071D000-memory.dmp	upx
behavioral1/memory/2524-318-0x0000000000400000-0x000000000071D000-memory.dmp	upx

Drops file in Program Files directory 47 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\TrainTick.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\uninst.exe	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\jpborder.exe	jpdesk.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\MyComputer.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\NetWork.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\Progress_Top.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\QQ.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\jpdesk.exe	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\SearchPage.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\Ì¿ºÚ\background.ini	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\Í¸Ã÷\background_Horz.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\b1c5djpdesk\jpborder.exe	jpdesk.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\msnmsgr.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\taobao.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\tuangou.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\½ðÊô\background.ini	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\Ó«Ä»\bg.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\Ó«Ä»\separator.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\Almanac.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\jpxiaoshuo.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\wmplayer.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\½ðÊô\separator bottom.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\À¶ÂÌ\separator bottom.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\poof.png.tmp	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\DesktopBG.jpg	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\Weather.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\½ðÊô\background_bottom.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\Shop.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\À¶ÂÌ\background.ini	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\Í¸Ã÷\background.ini	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Default.png.tmp	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\updateinfo.txt.tmp	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\Recycle_Full.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\Recycle_empty.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\iexplore.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\À¶ÂÌ\background_bottom.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\Í¸Ã÷\separator_Vert.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\Ó«Ä»\background.ini	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\DesktopBg1.jpg	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\MyDocument.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\Progress_Back.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\folder.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\Ì¿ºÚ\separator.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Update\jpborder.exe	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\Lock.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\PicLib\System\jpgames.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
File created	C:\Program Files (x86)\b1c5djpdesk\Background\Ì¿ºÚ\bg.png	433d970910b60cf230e63059dd902387_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jpdesk.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe
1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2524	1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe	28
PID 1656 wrote to memory of 2524	1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe	28
PID 1656 wrote to memory of 2524	1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe	28
PID 1656 wrote to memory of 2524	1656	433d970910b60cf230e63059dd902387_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\433d970910b60cf230e63059dd902387_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\433d970910b60cf230e63059dd902387_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Program Files (x86)\b1c5djpdesk\jpdesk.exe
  "C:\Program Files (x86)\b1c5djpdesk\jpdesk.exe" /NoWizard /AddGame /AddShop /Addtuangou
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\b1c5djpdesk\Background\½ðÊô\background.ini

Filesize
348B

MD5
15b80664967a297ec932db3eed08e7fb

SHA1
6371f858fb0150bdb13e47e08567b895df40db43

SHA256
8321ee7f61d00552aad57b2678632df9bc2bb36bed9a87b12dbfad919c8c67ed

SHA512
ddfcd97ef47f3a2083502a9582a8d9d8d0b6147b896768ba34a936eeabd903011f70a0c2eaf5255b08bd1bc9a0d18b65a5d79be1be77132f6b98740931d86f50

Download Submit
C:\Program Files (x86)\b1c5djpdesk\Background\½ðÊô\background_bottom.png

Filesize
6KB

MD5
1fc5683474faae67fe6e634c815cfb1a

SHA1
1b8aeb09bc0f112ef15f259ec11084fce4219db2

SHA256
54e99536468e614e7ffbcbfcf2fd80c7d3c5b1ade75a19d86456372c0fbcff7b

SHA512
69abbce97ff0067210c31372adddf98710bd4f759f2ef23f6f31e33ee0dbd12aea5b405d33733ff4e84dcdad6e78ab63b062fd66c8b4fabd8451b8aff058d899

Download Submit
C:\Program Files (x86)\b1c5djpdesk\Background\½ðÊô\separator bottom.png

Filesize
1KB

MD5
2bdd0d0147769011a115973772f56c17

SHA1
66d838f42294b0a83eab5f017a28d047862b8f22

SHA256
aec664e6d9f5d64e21a7c1dbc4904fd39f7f008287ef1341e9a3ecfdfee3f2bb

SHA512
9dfe4462512ce5a10bc291e7ee9b74f6dc9558773b7755b604ca9d072dd2830bd5204042cd184bbfbf98eca4b80dfbf10f1c0e07c3a088198fc12588ca70a0bc

Download Submit
C:\Program Files (x86)\b1c5djpdesk\Background\À¶ÂÌ\background.ini

Filesize
348B

MD5
0e2c7e5e060a08fe28c1a81a5ed74682

SHA1
071d4274aa30c830d5bff4dbb7ee29f3d5f6bb6c

SHA256
c0dd00941107dd9763ce7ce942a8962b5fc4d4a7ba7973b6ece883ff3e916c76

SHA512
fbed6c2c0d44955d7d4e0db950a1f2aa3853de050731e3916b4bf30ffa1b654efdff7d471a2a5bb6ce53827e066dfa0752e8d8a35a77d2ab47fc37ea03939121

Download Submit
C:\Program Files (x86)\b1c5djpdesk\Background\Ì¿ºÚ\background.ini

Filesize
326B

MD5
fd5f63594053876d0afa98a9538f0bda

SHA1
ddb2767b058917356dbf7c28d16688ba95c58e33

SHA256
ce304a58f25c2c6d939eb5c90b69fca9fb1352eb326a466a308853fcd742bceb

SHA512
47058591131dc46a19e4b1656a62de71e4872fcf7a81d11c9161fec1869373a0eca23eaed13930657ea27949bf0f3521d40685c94a8c9cb098f356f9c9ccccf2

Download Submit
C:\Program Files (x86)\b1c5djpdesk\Background\Í¸Ã÷\background.ini

Filesize
344B

MD5
44593ed6b67c897f4156daa3de9db2a5

SHA1
4b3fb92bc4bb311f26381f6637702669c76be14a

SHA256
05ac6d2567841d83b629e5f871e65cffc80a1fc994b37b39f91bed890ff3c906

SHA512
f1d6f312a8f60aeb2f2a2c5c1a081cc61fc00d78a33f87f786d7130cd9390a839d00598f1f820f875d98cf311d17e909870b91a7b264d2bf0462002efb4374cf

Download Submit
C:\Program Files (x86)\b1c5djpdesk\Background\Ó«Ä»\background.ini

Filesize
326B

MD5
49d77a1266620a259e6d86593067e85b

SHA1
bdf6cf1c29e3ca4527581b661dfd81f4572bccc0

SHA256
b574e317ce0e6fffb413579b8cc9bdb92d4599cadba3e39048a51af055bd9345

SHA512
204a853e97575ae4c885ac937d976e4f763cd36697a983319328076a17c4a66a76f2238bb7610153c45092587cad3584aca95ab4e13319e260c0cd7c3459c5fb

Download Submit
C:\Program Files (x86)\b1c5djpdesk\Default.png

Filesize
17KB

MD5
26e12345d2a3fbac8e2812545ea682c4

SHA1
6a1374c096904f99ba9b740b7824b6613bf5b965

SHA256
b6e6858f80aa0b13f71726249f6bcb875a2573b7e7768fcc2952a1ed575f5efa

SHA512
97ba1b053dbd5399f33910dc651122495e8009b691f829e5e25dc0621ce125de7993fe1df130acff36dfdb518e61339d69a2c6070bcb638f83ab2b4eb30176ef

Download Submit
C:\Program Files (x86)\b1c5djpdesk\PicLib\System\Lock.png

Filesize
24KB

MD5
3ad791ac182a5f4b5d2d6709ede562f8

SHA1
274f064e5313fe64d1a28d97835077c31b309a12

SHA256
21b9b226d93bc0bf3ce75deca1357e01fe96b3de44b4579165fbd9ab6d5274e7

SHA512
d2906acf9c5fc9189ce75e4c036aea2ee267d17f0350a6d0c29eb40b5598ff299a728a2df01c29a5256496f666e6a01dfb63100b1ccbcf39161498c783c668cc

Download Submit
C:\Program Files (x86)\b1c5djpdesk\PicLib\System\MyComputer.png

Filesize
11KB

MD5
853aae4649a43e618afc1ee22bf28ced

SHA1
7ec0d8cc4789571f7cca578acf9b2ad1c9a4ab02

SHA256
4a653663aff24fe95cd423737f8d6c6cd5152df3637b862f08bd95b93ada0415

SHA512
e2993bccd1424062eab1152f6276c34be285b50ac50009756ec1009c67e33078d470016d021c521e8b9e68ee8978810537ad8dc645986353bd8a5c8b31dec27e

Download Submit
C:\Program Files (x86)\b1c5djpdesk\PicLib\System\QQ.png

Filesize
19KB

MD5
0aaa2bfec5c7365b313a9ee09f7fe021

SHA1
4a77efcdf621b39e1a6900989ca2f168dfd1860e

SHA256
4bf5ac2c8bdf8f548c07f5db9494f87e7d500fb2e8df9c6fb2fcdaacea5644b7

SHA512
6e0e071c929d42f5e8cd5515506386a4253d8babf2f51d45455741345f67ce575905571390c02ff98300c54cbe5f2f9bb2a3fb2a20c28795c1db4738ed2d62e2

Download Submit
C:\Program Files (x86)\b1c5djpdesk\PicLib\System\SearchPage.png

Filesize
17KB

MD5
094629d32298b9ecd4ceb031cce9f76d

SHA1
746b96e16c2a3d32064010b1ea5ca4ca10178f68

SHA256
b3ee1501c5386f437fd232b03ea17ca3aaa4bc97077d089d0828f5f1187e4c2f

SHA512
bf8553e5c6a3c42c2da52341633f53895628115859cd466bb14c64ff25ba2ba8a30842aa85f70b72c1024d08faee335db51efa575a70485648cf527af49b816d

Download Submit
C:\Program Files (x86)\b1c5djpdesk\PicLib\System\iexplore.png

Filesize
23KB

MD5
06a8e1ac974b8479f5096b593ca32d0a

SHA1
5f49e6c008ceaa2dcc141ed057170b4fb133de97

SHA256
4722e4294ae156fff774b8433a3b559862396ad4bce83fecf30c5980f88fd4bb

SHA512
5a7a9e6abea56852e697253e52120e99b296776250ea98ecf0a20b2061e71d51276cd7e977249d9116ce4794b37f4693473ca3c9a8b007d770e8e03bbf206b4b

Download Submit
C:\Program Files (x86)\b1c5djpdesk\PicLib\System\jpgames.png

Filesize
11KB

MD5
e6711320e2015d3334085a0672876675

SHA1
c6c97cb0b40a3e7aca024299f07441be4bb524f9

SHA256
d9d208fd03ccfd807d17e1b630a91d5b719bb33f755b8bcced9beb2d6302e137

SHA512
49c9428a4a572b4ed9aaa05d1f899c02aa4e652705c488d2098de0f8ac2a0a90f06b567be167ec9853e0abe26b79fde15518f634f5a21eff4af2c7be796f99d3

Download Submit
C:\Program Files (x86)\b1c5djpdesk\PicLib\System\jpxiaoshuo.png

Filesize
7KB

MD5
8aba6ca818fc9de944ece0c10c3088f1

SHA1
ac13202f1034d7ee109826268d63099effabdfcd

SHA256
70a22b32fa77b296f992f5697cbe19c5e7e20a0e1a3d6f6fd16855c8a27d983b

SHA512
43239110131b0fe4165b3da40fca4b9206628c10c9a0173a549faa7111ae276ae1a0cce8bd92798b0c5c43bd585632649e4bf46892628895c41b8fa145804c30

Download Submit
C:\Program Files (x86)\b1c5djpdesk\PicLib\System\taobao.png

Filesize
19KB

MD5
4ef62b2d453325973bd607adb8ac2e40

SHA1
b80ab7cc0cf58b62ad0a9c94849a891ad461c45f

SHA256
f414df48f1d76304b8473a5449ec50275d1734065eaa2204941e3a24381947f4

SHA512
51aefbd1d50c78af681a8aac06fe21bb323a45dc9435d7b9b66529d73a9725bcbf647f1f41922582f61cfc676246144b9e8af12d7a71ffa1f95f904d7b5a1688

Download Submit
C:\Program Files (x86)\b1c5djpdesk\Update\jpborder.exe

Filesize
627KB

MD5
7d19e6f730bcf70547ee1f3d3942de33

SHA1
49508ab3ec07b4fa8cd258d503226690efb77854

SHA256
61cce76a8e47bb8df52c60e19ff3a0db36aeb76cc5cedcdf18aaf2e44424f917

SHA512
d49f040e1be08c30b812e773b7bcafda6ee18265a8c9de5619ea5fff69b52d7e48975e1e87d6037c64faf108d77e97e4b1aeae69d526111432d8ed153bd3e06d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso95CC.tmp\nsWebJPDesk.dll

Filesize
303KB

MD5
064c5337ed2c6f123f5270d7dcec2a40

SHA1
51efbdc6f795510b84f6c0e3b9796f8720a55983

SHA256
e73b9d938fcccf600d3fa743965b7190f376c830091b05f828b052d1f439d389

SHA512
5c840dfcc346ddc1a4de2ada1ea311cf1ab049866ce9bcf02c9d20422a92f521e35413323d818393ba0b452499c394eadc39a94200afd35cd6fb1e143e11bd7f

Download Submit
C:\Users\Admin\AppData\Roaming\JPDesk\CurTheme.Theme

Filesize
976B

MD5
496e44fa89e96042c907d140368313fe

SHA1
85fa96d203b9c3f78dc73b34d66f4e756819044d

SHA256
4a361afae8923d404b8a6f8ad1646eae338cc5c54acbfc90e85f0fde6cf2f7f3

SHA512
8725c60617f30f07907189fb0964a2e5e5f9a028452e6fbb76abb2afd2bd4c5652f852f3bb9ef6c20869e2c0e0798a866d60d44fd34fd9a0067631f6c0aa1beb

Download Submit
C:\Users\Admin\AppData\Roaming\JPDesk\jpdesk.ini

Filesize
288B

MD5
869ed6f946bf70b2eb96503c404e277f

SHA1
8acdc3d543cb7368f9d4ffd0fdf3f357485838f0

SHA256
59a02ebf68b9cd9868064a08e991a34f70d938de8763055da9559d30ea03023a

SHA512
40c67c3470d5ee6812afe4aaee234f6528c2197b3e8cda23ed094df1aa688c75e8b86fd6392ab11af64bd78f941537f585649826b1f3443cde13f1347701f5ed

Download Submit
C:\Users\Admin\AppData\Roaming\jpdesk\mods.ini

Filesize
28B

MD5
3eafb2bb2de67cbb237ecc7403208906

SHA1
f7765fe98fb18984b7e2dc1240ff411183d69f1a

SHA256
a0b9ed6794a2ce0615f23f3e4032049f1473fe97b26e64e9dfb9fc3b0ad3152a

SHA512
82c307a32eb2ca967c0b5c3a141c2e895d8189358e4407f7f496cd53b78755abbcdc81d97447904a1d17bfc88ef4834275638d59637dadb7d0b83117604cd7ac

Download Submit
\Program Files (x86)\b1c5djpdesk\jpdesk.exe

Filesize
903KB

MD5
fd11f6fe68c6a543576fd06e9258b359

SHA1
df92e8b8f6e1e16f00667387f249c1f6b9cc8892

SHA256
a5e2d6c7db54bc2e15ff5b7bd0f0bf4c416b842fdd2a609e5d85b67b9650c686

SHA512
4480373c91cc23174c08852cdbabbb0cca10b938c9c1ae73dae775bf83dd8977f65fc54955fe593dc32bede246002c310d32bad33a21c183c212ff0092ff6c2d

Download Submit
\Users\Admin\AppData\Local\Temp\nso95CC.tmp\KillProcDLL.dll

Filesize
32KB

MD5
83142eac84475f4ca889c73f10d9c179

SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8

SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

Download Submit
\Users\Admin\AppData\Local\Temp\nso95CC.tmp\NSISdl.dll

Filesize
14KB

MD5
254f13dfd61c5b7d2119eb2550491e1d

SHA1
5083f6804ee3475f3698ab9e68611b0128e22fd6

SHA256
fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

SHA512
fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

Download Submit
memory/1656-124-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/1656-77-0x0000000000380000-0x0000000000390000-memory.dmp

Filesize
64KB

Download
memory/1656-126-0x00000000035C0000-0x00000000038DD000-memory.dmp

Filesize
3.1MB

Download
memory/1656-0-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/1656-72-0x0000000000380000-0x0000000000390000-memory.dmp

Filesize
64KB

Download
memory/2524-307-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-310-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-303-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-305-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2524-304-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-306-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-127-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-308-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-309-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-129-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2524-311-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-312-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-313-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-314-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-315-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-316-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-317-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2524-318-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download