dfee64d57c80cbe466ff2dac34fdacb2fc12e9956ab607169d310aa78edc66c2

Analysis

max time kernel
146s
max time network
130s
platform
windows10_x64
resource
win10-en-20210920
submitted
26-09-2021 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jkpdfjmkbtp007.exe
Size

92.0MB
MD5

aa420131ec9d014cbee50b5c2165862e
SHA1

b659fd3e31e93c6238cfaebf6ddbe40af4ab73d9
SHA256

dfee64d57c80cbe466ff2dac34fdacb2fc12e9956ab607169d310aa78edc66c2
SHA512

4a265d4f3d2acef52fea1d3910bdbb74f86e6f7863d116bd8d8787c5aabb7bb151da12c6e638e8da66f756434446709f11db1810e1420e955ab0f5f98a9e6e00

Score

10^/10

discovery persistence spyware stealer

Malware Config

Signatures

Modifies system executable filetype association 2 TTPs 10 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

Processes:

JiKeHcores.exeJiKeHcores.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\JiKePDFReader\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\JiKePDFReader\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\JiKePDFReader	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\JiKePDFReader	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\JiKePDFReader\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\JiKePDFReader	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\JiKePDFReader\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\JiKePDFReader	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex	JiKeHcores.exe

Registers COM server for autorun 1 TTPs
persistence

Registry Run Keys / Startup Folder
T1060
Executes dropped EXE 6 IoCs

Processes:

JiKeHcores.exeJiKeSteor.exeJiKeHcores.exeJiKeHcores.exeJiKeHcores.exeJiKeSoftUpd.exe

pid process

2716 JiKeHcores.exe
1664 JiKeSteor.exe
2376 JiKeHcores.exe
1616 JiKeHcores.exe
2096 JiKeHcores.exe
3936 JiKeSoftUpd.exe
Loads dropped DLL 2 IoCs

Processes:

JiKeHcores.exeJiKeSteor.exe

pid process

2716 JiKeHcores.exe
1664 JiKeSteor.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
2716	JiKeHcores.exe
1664	JiKeSteor.exe
2376	JiKeHcores.exe
1616	JiKeHcores.exe
2096	JiKeHcores.exe
3936	JiKeSoftUpd.exe

pid	process
2716	JiKeHcores.exe
1664	JiKeSteor.exe

Drops file in System32 directory 6 IoCs

Processes:

JiKeSteor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\0bf3967fbb433682f55752c9633bd8aa[1].ded	JiKeSteor.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	JiKeSteor.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	JiKeSteor.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	JiKeSteor.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	JiKeSteor.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	JiKeSteor.exe

Drops file in Program Files directory 64 IoCs

Processes:

jkpdfjmkbtp007.exeJiKeHcores.exeJiKeHcores.exe

description	ioc	process
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-handle-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-processthreads-l1-1-1.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-string-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\msvcr100.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\JkRtron.exe	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\pvt.cppan.demo.webp-0.6.1.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-file-l1-2-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-interlocked-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-sysinfo-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-timezone-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-locale-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\jkpipe.dll	jkpdfjmkbtp007.exe
File opened for modification	C:\Program Files (x86)\Common Files\JiKePDFReader\JiKePDFReader.ini	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\JikeFmor.efx	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\JiKeBbcor.dll	jkpdfjmkbtp007.exe
File opened for modification	C:\Program Files (x86)\JiKePDF2\JiKePDFReader.ini	JiKeHcores.exe
File created	C:\Program Files (x86)\JiKePDF2\JikeSnr.erf	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\JiKeIterh.exe	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-synch-l1-2-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\JiKeExtern64.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\Aspose.Cells.xml	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-file-l2-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\pvt.cppan.demo.jpeg-9.2.0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-runtime-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-utility-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\JiKeMoint.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\tesseract41.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\JikePDFConverter.ini	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\JKCvtCtxMenu64.dll.aee	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\PDFCore.dll.config	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\JiKeSteor.exe	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-profile-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\AsposeCOM.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\PDFCore.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\pvt.cppan.demo.madler.zlib-1.2.11.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-datetime-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-errorhandling-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-filesystem-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\JiKeBbcor64.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\JkNorac.dll	jkpdfjmkbtp007.exe
File opened for modification	C:\Program Files (x86)\JiKePDF2\JiKePDFReader.ini	JiKeHcores.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\Aspose.PDF.xml	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-heap-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-util-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\PDFOcr.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\pvt.cppan.demo.openjpeg.openjp2-2.3.0.dll	jkpdfjmkbtp007.exe
File opened for modification	C:\Program Files (x86)\Common Files\JiKePDFReader\JiKePDFReader.ini	JiKeHcores.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\Newtonsoft.Json.xml	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\PdfCore.exe.config	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\tesseract.exe	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\tessdata\chi_sim_vert.traineddata	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\Newtonsoft.Json.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\JikePDFConverter\JikePDFConverter.ini	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\Aspose.Words.tlb	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\LocalStorage\http_pdfft.zsincer.com.localstorage	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\JKCovUtl.exe	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-namedpipe-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\Aspose.PDF.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\Aspose.Words.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\node.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\pvt.cppan.demo.danbloomberg.leptonica-1.78.0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-processenvironment-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-synch-l1-1-0.dll	jkpdfjmkbtp007.exe
File created	C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-time-l1-1-0.dll	jkpdfjmkbtp007.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies data under HKEY_USERS 43 IoCs

Processes:

JiKeSteor.exeJiKeHcores.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf	JiKeSteor.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\.pdf\ = "JiKePDFReader.pdf"	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	JiKeSteor.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf\shell\open\command\ = "\"C:\\Program Files (x86)\\JiKePDF2\\JiKepdf.exe\" \"%1\""	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf\shellex\ContextMenuHandlers\{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf\shellex\ContextMenuHandlers	JiKeSteor.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithProgids\JiKePDFReader.pdf = "0"	JiKeSteor.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice\Hash = "nG5zEwYNdq0="	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithProgids	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\JiKePDFReader\JiKeApp	JiKeHcores.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Classes\.pdf\OpenWithProgids\JiKePDFReader.pdf = "0"	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf\shell\open\command	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf\shell\open	JiKeSteor.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf\shellex\DropHandler\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	JiKeSteor.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\JiKePDFReader\JiKeApp\CfgPath = "C:\\Users\\Admin\\AppData\\LocalLow\\JiKePDFReader\\"	JiKeHcores.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes	JiKeSteor.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf\shellex\ContextMenuHandlers\{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}\	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice	JiKeSteor.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice\ProgId = "JiKePDFReader.pdf"	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf\shellex	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	JiKeSteor.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	JiKeSteor.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	JiKeSteor.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\.pdf	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	JiKeSteor.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	JiKeSteor.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\.pdf\OpenWithProgids	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf\shell	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\JiKePDFReader	JiKeHcores.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\JiKePDFReader\JiKeApp\UsrPath = "C:\\Users\\Admin\\AppData\\LocalLow\\JiKePDFReader.users\\"	JiKeHcores.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	JiKeSteor.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf\DefaultIcon	JiKeSteor.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf\DefaultIcon\ = "\"C:\\Program Files (x86)\\JiKePDF2\\JiKepdf.exe\",2"	JiKeSteor.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\JiKePDFReader.pdf\shellex\DropHandler	JiKeSteor.exe

Modifies registry class 64 IoCs

Processes:

JiKeHcores.exeJiKeHcores.exeJiKeSteor.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A85B249-E368-4A32-8349-E981244BD9E1}	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A85B249-E368-4A32-8349-E981244BD9E1}\Version	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\JiKePDFReader	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\JiKePDFReader\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A0818256-7248-4703-9AFF-1CC147050DFD}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\JiKePDF2\\"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}\InprocServer32	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A85B249-E368-4A32-8349-E981244BD9E1}\ = "JiKePDF_Extern Class"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A0818256-7248-4703-9AFF-1CC147050DFD}\1.0	JiKeHcores.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\JiKePDFReader.pdf\shellex\ContextMenuHandlers	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf	JiKeSteor.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shellex\ContextMenuHandlers\JiKePDF_Extern\ = "{7A85B249-E368-4A32-8349-E981244BD9E1}"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\JiKePDFReader	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A0818256-7248-4703-9AFF-1CC147050DFD}\1.0	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\JiKePDFReader	JiKeHcores.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\JiKePDFReader.pdf\shell\open\command	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shellex\ContextMenuHandlers\JiKePDF_Extern	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A0818256-7248-4703-9AFF-1CC147050DFD}\1.0\0\win32	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A0818256-7248-4703-9AFF-1CC147050DFD}\1.0\0\win32\ = "C:\\Program Files (x86)\\JiKePDF2\\JiKeExtern.dll"	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\JiKePDFReader\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A0818256-7248-4703-9AFF-1CC147050DFD}\1.0\0\win32	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A0818256-7248-4703-9AFF-1CC147050DFD}\1.0\0\win64	JiKeHcores.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\JiKePDFReader.pdf\shellex	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\JiKePDFReader	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A85B249-E368-4A32-8349-E981244BD9E1}\Programmable	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\JiKePDFReader\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A85B249-E368-4A32-8349-E981244BD9E1}\TypeLib	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}\InprocServer32\ThreadingModel = "Apartment"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\JiKePDFReader	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A0818256-7248-4703-9AFF-1CC147050DFD}\1.0\HELPDIR	JiKeHcores.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\.pdf\JiKePDFReaderBackup = "AcroExch.Document.DC"	JiKeHcores.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\.pdf\ = "JiKePDFReader.pdf"	JiKeHcores.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\JiKePDFReader.pdf\shellex\ContextMenuHandlers\{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\JiKePDFReader\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A85B249-E368-4A32-8349-E981244BD9E1}\ = "JiKePDF_Extern Class"	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A85B249-E368-4A32-8349-E981244BD9E1}\InprocServer32\ThreadingModel = "Apartment"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A85B249-E368-4A32-8349-E981244BD9E1}\InprocServer32	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}\InprocServer32\ThreadingModel = "Apartment"	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A85B249-E368-4A32-8349-E981244BD9E1}\InprocServer32\ = "C:\\Program Files (x86)\\JiKePDF2\\JiKeExtern64.dll"	JiKeHcores.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\JiKePDFReader.pdf\DefaultIcon\ = "\"C:\\Program Files (x86)\\JiKePDF2\\JiKepdf.exe\",2"	JiKeHcores.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\JiKePDFReader.pdf\shellex\DropHandler\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\JiKePDFReader\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}\ = "JiKePDF_Shell"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\JiKePDFReader	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A0818256-7248-4703-9AFF-1CC147050DFD}\1.0\0\win64	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\JiKePDFReader	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A85B249-E368-4A32-8349-E981244BD9E1}\TypeLib	JiKeHcores.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\JiKePDFReader.pdf\shellex\DropHandler	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A0818256-7248-4703-9AFF-1CC147050DFD}\1.0\FLAGS	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\JiKePDFReader	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A0818256-7248-4703-9AFF-1CC147050DFD}\1.0\FLAGS	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A85B249-E368-4A32-8349-E981244BD9E1}\InprocServer32\ = "C:\\Program Files (x86)\\JiKePDF2\\JiKeExtern64.dll"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers\JiKePDFReader\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\JiKePDFReader\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\JiKePDFReader.pdf\shell	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\JiKePDFReader	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A85B249-E368-4A32-8349-E981244BD9E1}\TypeLib\ = "{A0818256-7248-4703-9AFF-1CC147050DFD}"	JiKeHcores.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A0818256-7248-4703-9AFF-1CC147050DFD}	JiKeHcores.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\JiKePDFReader\ = "{08FEFE51-90C0-4599-8F8D-8C3D94C96A14}"	JiKeHcores.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

jkpdfjmkbtp007.exeJiKeHcores.exeJiKeSteor.exe

pid	process
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2492	jkpdfjmkbtp007.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
2716	JiKeHcores.exe
1664	JiKeSteor.exe
1664	JiKeSteor.exe
1664	JiKeSteor.exe
1664	JiKeSteor.exe
1664	JiKeSteor.exe
1664	JiKeSteor.exe
1664	JiKeSteor.exe
1664	JiKeSteor.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

jkpdfjmkbtp007.exeJiKeSteor.exe

description	pid	process	target process
PID 2492 wrote to memory of 2716	2492	jkpdfjmkbtp007.exe	JiKeHcores.exe
PID 2492 wrote to memory of 2716	2492	jkpdfjmkbtp007.exe	JiKeHcores.exe
PID 2492 wrote to memory of 2716	2492	jkpdfjmkbtp007.exe	JiKeHcores.exe
PID 1664 wrote to memory of 2376	1664	JiKeSteor.exe	JiKeHcores.exe
PID 1664 wrote to memory of 2376	1664	JiKeSteor.exe	JiKeHcores.exe
PID 1664 wrote to memory of 2376	1664	JiKeSteor.exe	JiKeHcores.exe
PID 1664 wrote to memory of 1616	1664	JiKeSteor.exe	JiKeHcores.exe
PID 1664 wrote to memory of 1616	1664	JiKeSteor.exe	JiKeHcores.exe
PID 1664 wrote to memory of 1616	1664	JiKeSteor.exe	JiKeHcores.exe
PID 1664 wrote to memory of 2096	1664	JiKeSteor.exe	JiKeHcores.exe
PID 1664 wrote to memory of 2096	1664	JiKeSteor.exe	JiKeHcores.exe
PID 1664 wrote to memory of 2096	1664	JiKeSteor.exe	JiKeHcores.exe
PID 1664 wrote to memory of 3936	1664	JiKeSteor.exe	JiKeSoftUpd.exe
PID 1664 wrote to memory of 3936	1664	JiKeSteor.exe	JiKeSoftUpd.exe
PID 1664 wrote to memory of 3936	1664	JiKeSteor.exe	JiKeSoftUpd.exe

C:\Users\Admin\AppData\Local\Temp\jkpdfjmkbtp007.exe
"C:\Users\Admin\AppData\Local\Temp\jkpdfjmkbtp007.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files (x86)\JiKePDF2\JiKeHcores.exe
  "C:\Program Files (x86)\JiKePDF2\JiKeHcores.exe" 690 --3de4=jkpdfjmkbtp007210926
  2⤵
  - Modifies system executable filetype association
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2716

C:\Program Files (x86)\JiKePDF2\JiKeSteor.exe
"C:\Program Files (x86)\JiKePDF2\JiKeSteor.exe" de9
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Program Files (x86)\JiKePDF2\JiKeHcores.exe
  "C:\Program Files (x86)\JiKePDF2\JiKeHcores.exe" a29 --9d76=0
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Program Files (x86)\JiKePDF2\JiKeHcores.exe
  "C:\Program Files (x86)\JiKePDF2\JiKeHcores.exe" c60 --9d76=0
  2⤵
  - Modifies system executable filetype association
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:1616
- C:\Program Files (x86)\JiKePDF2\JiKeHcores.exe
  "C:\Program Files (x86)\JiKePDF2\JiKeHcores.exe" a90
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Program Files (x86)\JiKePDF2\JiKeSoftUpd.exe
  "C:\Program Files (x86)\JiKePDF2\JiKeSoftUpd.exe" cdd
  2⤵
  - Executes dropped EXE
  PID:3936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\JiKePDFReader\JiKePDFReader.ini

MD5
932d84829b0f31b2c72fda586ae782ad

SHA1
f6f8a1fd2cec97fba8254e2ace022bdcc2011dfc

SHA256
1b082bc8dcdc9d8e6d714e1850a05b6f55efc9c7dcfbc1726bc56a7c78c493c0

SHA512
c46ce305da2a3057177bece339f2ff15dc547ade983e9131c7ffe0fb799044f5885d5735bdcd6d617b17e791baa32f26523b7dcbc5da14531e365a81f6033042

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeAss.dll

MD5
752537093cbcb4d9ffb4788bcbe93415

SHA1
bc9114326639f1955209c9f61a6784796ffc2236

SHA256
ba0efc5a4fae18952cadac831b2288cc47edd4e169e586426df9bb8b4c474b46

SHA512
387a2c8aabd036098d0559124747bbd5f974853e84b747ab9e977f4f0029506e0602b9c7a933dff623c211e7814817064c65ca6c180a938cee861ceeaabc769b

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeBbcor.dll

MD5
55a386328643819f4a8941e59c36b700

SHA1
93cdfa8d0e6a5e5a5a45be26588233b2f81649b9

SHA256
478bfaf368559d7225eb3217458183d169cb80ca11a7573363a6d15a907211c8

SHA512
0802385720f0ffa8ecd8498cbc9333e53cae1416987801ef193853f8917f080d1694e5a01017da6e8c38a8a0fd42ccdeea3ed526eead3bb2208d9fcc2089d217

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeBbcor64.dll

MD5
4d07d5af65bc050970706df882beca72

SHA1
9aeb221d4fb0bf59f106d0186375259c1274b2bb

SHA256
14758c436c68a8507e894cfe6915d5d2d4673f1de7c061c86042b5af0172c331

SHA512
66ab7f94c86e7864c43d3dd8bb4e8192fe802580ab88e318bc26bace52c311239b446fb4c9003b6e6c68b0012429c2daf4ef8cd710a5ae166898e2068cfb662d

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeExtern.dll

MD5
6bf422766fbab810396b4ee21b8f4efd

SHA1
abd421e247974e3608e7edd659e7c4bdb58837ff

SHA256
f4000ea0b035d45ce837491a7740dfe73b49965a5ba1fc6c2a6fabed397f35af

SHA512
c5da6833166b9036b064bf21d74adad2574577b7646cb4308a01099a14ae566c5eb16e97d18d5c73e5ce362e1963e4b430d5e3de428c672b720188779d2a4fb3

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeExtern64.dll

MD5
8abdcd1996c033918a174479b52306d4

SHA1
56ab03ae1c269455170fee485d0a1a8863012d89

SHA256
a615b3b4275ea0aaac790d682db476eacea79ab46bbf661eb63056812ca77b0a

SHA512
5cc084bfcc17c81ec4170a36e5d63479166078f7d68d7340bb7ba4e475f4a6a1101411c275bf3bc3df7d9c2fa295404416c0c222aa84b1e446cbed13e65a5ce2

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeHcores.exe

MD5
afb5255c72aea47f88e773513077088c

SHA1
2d230076bfab493bf42ca37997e65f57d5fb5396

SHA256
b3eb2b484d8ea796dc138e367d6d6004d638fbba53f06525b4745283e9559bd6

SHA512
e02f12d5cdb4b17095836a6a1fff19708d029b98c1930a14739eaa886c0d13875e85baea86628291a4686accc0ba606d54d8fdff6f18f043d601a8d3d70167a2

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeHcores.exe

MD5
afb5255c72aea47f88e773513077088c

SHA1
2d230076bfab493bf42ca37997e65f57d5fb5396

SHA256
b3eb2b484d8ea796dc138e367d6d6004d638fbba53f06525b4745283e9559bd6

SHA512
e02f12d5cdb4b17095836a6a1fff19708d029b98c1930a14739eaa886c0d13875e85baea86628291a4686accc0ba606d54d8fdff6f18f043d601a8d3d70167a2

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeIterh.exe

MD5
589e55e5cb70ccec53318b9e237995d2

SHA1
7fee2d7587e51cf173e28d13fa38c56c43d82aa6

SHA256
4b6455eec58d3e86f9bf519f9cc079b255c535a4486e2e266a01644ea5a9df9b

SHA512
74ab423b18dcd602ad304886fc26ce4bb0ef881949da0eb824588f4c692c5aa293c5b8847ffd6b1186ae64dd1e60b59a47be367f93ad3c577e841560094567cb

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeKernel.dll

MD5
03871f7662059127ffee5fa196e31964

SHA1
a05b5cde22599739783823496096512c0b00c9f7

SHA256
30df69c0897d6ff88f232704c13458eeafb033daac85ed27d59f37077f7e0e5e

SHA512
6a0c77155f0828eac9e651e7efe6b54c27b39d59195f29019b89d5a72fe820db603b5f7bb13cdb45f2acfbf1234d3232454030608a0fb0f6929ae0c1a86a37f0

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeMoint.dll

MD5
e059c6429cc5a990c0ee682506a5c843

SHA1
172e70da63f6a7a342f2a80717e999607fea05de

SHA256
5be44b3766e91a414e2d4f3e2f419bde27dd71028b5eea5feadf8fa4f62bee61

SHA512
6c7db83dc7003d1123867e06cd39e5c8dada73a27350aade83db558b05da4ca4a1407c4a3d9fbfdef17ddb8cf81cf96eaf0ce083b47dac96ca43cf898f6d53eb

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeMoint64.dll

MD5
36ab586ba1d843b85cb660727e53cbe9

SHA1
28208ac07db973b91f978148eb63167c2ae02abd

SHA256
26bd43a63f4ad484157c25d560b2938e622cc22e6a6c9c250b5df531db4ab963

SHA512
7808bb28e64bd465495fa38e86eacf918d37456569f9ff875438cc75f74be35102d3ebcf19abcf8e5fd8045d5c0acda92009261443f87bb1a87f54929d4e4acb

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeMrong.exe

MD5
b6c19c555de6abb765ded6e44cd9cd22

SHA1
70586cf0f90bf3be85f790b408d4a0e908157de4

SHA256
0145f338536bb0cb4229033d7ad46cb4772e1faf85fb76c8114234711dae5343

SHA512
363e9503cfd41d6ea86bba44615e8d96ba597746401534532f13bb6acc6fd74ff37cd07f85820d53e88bcb18d847a27d1733353a0789786c317eb29b89f1f1f4

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKePDFReader.ini

MD5
88e10a7826f09b5de99c24e2a33f613d

SHA1
379ae71e4bfb16b17b6ded095b53ef1d4d55a182

SHA256
7d5c069e6fe2047df1bf40021f3e2142c867d0dcf3306527613f2eb0c3881eaa

SHA512
47546881a070a96558bdb19234389f9fff522ee0fd8c1f21c4b75c1f35a220941b843c4e7c1dffeeb9f52211e6e010c98d11ee3569269e02d288caa60969812e

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKePcors.exe

MD5
b3f53f1197b9f22b7ef49a1a156ac42c

SHA1
1bd70ff0c0e20d4ecbf9a2d060251c8267e168e0

SHA256
e8cdef5a2b95931c225314076d12bb0ef1c4a4f0dff2bf32fdcfef90698abe13

SHA512
1ea3243b164a203be41c51ca17aafb289f23fbd600208923a1053894ea493b0b6b8a5cf83121a90b1ebced001c6964760750b9d3c9c0f6eb3a70eafe725fd6f3

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeSoftUpd.exe

MD5
e56c57d7089bfcdd1a26a0584163edda

SHA1
6d8f8ef6acea9c725b44d25525420dbe72cd6a10

SHA256
fc5dc85183ecb2727398911cc7093a54e8846e103abe3438a13d57c092de8363

SHA512
34373ad11c4fafcf189b3e4b8e5226dd29086929d8178a0dc64023b3387cfd66822980ce528ef3f84804e6340c1ea4e35049b408490d5edaa1f3fe64774b249b

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeSping.exe

MD5
ce2763b300b838b957cfc4dde10703d7

SHA1
8a1234cbbdb89b645bce7b53a3547ba2e3cc42b9

SHA256
1efe1481f32d68c35315e3bd7cff5ea40d7dec138de98be68d723eef52ea0bb1

SHA512
34eb36fb2394dbe432d43fada7303ebc58e0654b301c120b895bd36660418ef66bbbc9520ba8b0242c359224fe129d850a8fee9d36d6828279b5fc8b666ad1e4

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeSteor.exe

MD5
aa75ed9c2cc77694c81317ae61256c86

SHA1
8f98688fd87ad63ab5e2ef126039bf2348b70b2f

SHA256
fd519630f32d1220b79685a4a2c37b6443ada0c639fa76a9b5014861fd6c88dc

SHA512
9f1250f36623cd12f972df10a43df86e9e7cf32ee6993ea27629a26d52bc10a69f241931a2ef53b97384db5bbf1a03303f88041bfa0e4fd32632ee7b26f79647

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeUctrds.exe

MD5
8dcd899f445e73fa054162b9483d679b

SHA1
c4a0e218575dd9c23beef2814f8a05af4986b632

SHA256
81482c676a6072f83e0d8a139543d6e6f5eaede87d705cc28787620df9234596

SHA512
c9b4585e6e338530d0f9fe5523d20330460bd69bdd259d22b37eb206e931089d89c83f40872fa325f3dfe9f533d7c8546646ec66dfdef50014f7fd58923e7fe1

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKeUninst.exe

MD5
1cbcebe569174b18e6a7d3580f53938c

SHA1
04afe6cb87b0b681ebd324a4d8b8dc3a44a444ec

SHA256
6a5f438c28553a316a2a0d85dee0b6f52d111f670c423808f732f21d6eb466a5

SHA512
c491be0446c34d5bb6d4aabb69f738f70b4b0f61acb0f4c5ff8da705bc751bf93e01f18c2d68071d418c35c6eba08b266baeca410276771570434bc174b3f2f6

Download Submit
C:\Program Files (x86)\JiKePDF2\JiKepdf.exe

MD5
0c9b1a5922d22ab311a1c78e3211b272

SHA1
7c25ccd5e5fc46100398c9fe20ddc466d6dd2b9f

SHA256
6b640cadbfc89f5c709668e7e2d324c7e6fa7288856dd95a77b7093fb65d9c60

SHA512
2c8c20302d980250ec0faade8f2368b551a107420b143e2fbbd0e7fdd245a0efaea13fd5380253d67e2f45c8a0c0d0cf2b810b3afc1a35744bac04b821e63fdf

Download Submit
C:\Program Files (x86)\JiKePDF2\JikeFmor.efx

MD5
c83b553fe4eb2025ad003278f426d9b8

SHA1
c1b0f87acb28df6f61e12900eab5b5de34b13f48

SHA256
8c48e6209677f88ad654f3a46b33c3d6631979eeea69039bd7a38c7c383bfbf2

SHA512
5949a892246b4acb0c9b85a1c8961210f16ba8aed18a3c470f45de0e076a25fe5af6ee1dd8fd059769b6e260958ec0642b7cfcd8bb5c37022944d8fb8e469c17

Download Submit
C:\Program Files (x86)\JiKePDF2\JikeFnur.efx

MD5
c0a73d3b5aac58b3633eaf86663cb994

SHA1
297b5742c5c67321b14dee34f96a4dd8060c24b5

SHA256
4876bea4e97aaf573700e5469409a459632b8fe85ed8a6afd0a02e6d64e1ebd9

SHA512
67a47aa0c3e4ee7d279f90beb7d2bc38369d9fcd4efe62885c0ef3af9f5fd3e06bb99959058b47abc70259f67f4f856d4d7b22e0f0ec398e85af3e8b3c02dbea

Download Submit
C:\Program Files (x86)\JiKePDF2\JikeSnr.erf

MD5
7aa2cf26e4df8b2b602d4f1fcc77f5f6

SHA1
2fa34a51c7e23fd3ebc7d865efae4b6c9afcbd2c

SHA256
04619a60120f859c776216a2826977a64d685f788639786066e4c4e6621084d9

SHA512
45313f965650c3d3702d165b1f55423da1ac5b8eb1a38ba1257eb6c7b6ebb35a99fda93d3f47e8b18fbb2d4834978a3bc087bee0fbb8f5b5aa6df46f02db938f

Download Submit
C:\Program Files (x86)\JiKePDF2\JkNorac.dll

MD5
76d53c83626c77626a6c661d91fbc1f3

SHA1
7c4f1c4348f6e12e1e19bdb8b648a3e010b328a4

SHA256
0bf7f2f04d151c050905944d19e9b0eb57739d94e6009173c367ec50ec02f355

SHA512
45c0329031591ad0ef41c3be8360b22cfccec5e0f59bd714f3a62dde3f56eb197af15c056c27fa7d8e43babe7d0038068a9b726676a161eee93495ab42230716

Download Submit
C:\Program Files (x86)\JiKePDF2\JkRtron.exe

MD5
a1913bdf699add3061bcb7fc2919dba1

SHA1
bf9db31e4ed8b472e2305c720ddca1d524aa345c

SHA256
39979b4545296272f8658f0e7231a98917d536b817d23f81960594a3ef17b4f8

SHA512
f57a5687f38ae9e9bc5d1f41e6cbd27780e49d6842f1ef28c6d85cd3a6526472d9da0691708561b1224f63c44c066a701e0889bab4ebd1256abea79ac65247c5

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-console-l1-1-0.dll

MD5
7e904179afcc1b02cc0e9bcd2944ba64

SHA1
f91325669a584c47701499e63a956d5ad3d9c97a

SHA256
62c5f45158a3bc654437ad213be105225b10ebdb1e669deab1da41c7872d0e83

SHA512
891b43858c9fe591b9697ff6cac82852da63d3877834cdf8ca57e0e1251fefdf28e4f8297336dfef2e012f7ef8cef8a33b446141ff255ecc09549fe6dd0d4b49

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-datetime-l1-1-0.dll

MD5
f681ff4f399b175ccd82773891e4c737

SHA1
1886940aebe778cbee4ff197255bd53a804e711b

SHA256
7c4d2607087bbbc381f79864ad669903049132d559de5796b1cda50d18e2f101

SHA512
8d73f9ddb5136e837c2c1f15f81db83c0854f087a2abe158324733819acd48055e7cddeb0ce6013c85a944908b25dceab7d771f78636634f1be2002fcfc76105

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-debug-l1-1-0.dll

MD5
c8aa8578848c8b4c80e897f39647a396

SHA1
d10f9c7342441ff7fa044fe0c47eb1ee68d4d0cd

SHA256
8cd3367b62e2066644686781ddab6c6f36e43b627456c70a551f3735d81867c8

SHA512
2f7a52e223dadb5cb0889b4bb58bd8d1540bf87f6886aa469120bd51233da67d1c8b9ad9b660a23169e0e1bfd9db51528837cf870b2df90f83a58b74896d7779

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-errorhandling-l1-1-0.dll

MD5
ddd776f3165dbf79548622544c6f3301

SHA1
d364ef050cdd9d5b84c2f97b3e414a449b04ad9b

SHA256
ceac31174d939c8cd2a30eba7eabf6dd598a0185484bbb6e3f20b8ae90d85b9b

SHA512
61fc0fad9f63bf4f9c85d8ce867dd7997f5b104a0b83ba782475af498947a84be9cec4ba7d29e6d381299a2ab403df8d20c6da550304a26a6333bc0d88ba0b5e

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-file-l1-1-0.dll

MD5
9e0166e3e6b6c8240a37edbc577c5575

SHA1
94d0909b062919d44fed056a56024484836c56d9

SHA256
8aa93d6b84274a1d2a61fd0901207c9366216ce3f211445f1a788288127916c0

SHA512
4aea630271d07cda996e2daeec461093cf8fb15da33bc692974261953a809fe24f426df4b74fd3fb64248c39f785c0ec932c5df296646d434a47643dad157d5f

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-file-l1-2-0.dll

MD5
400515209e1610a3b88a54432cf2d89c

SHA1
a3929cd1893b11415bfb2cd17bfef3f059a63e45

SHA256
0c581dc123cbd67362e88dafb4c1a59ebb008acb43b04ce7b85384c6a2c7bf8d

SHA512
8a6a21e1daa9e353f92df1470bef162e06d15356738ac26f841bd38affb6f186bce0fbb4fa6255c6068910f12ae4e59f56fd24e83fbfe00221b344db70e8a59a

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-file-l2-1-0.dll

MD5
45f743ce0dec364dde9d022781bb7d31

SHA1
58a2f7b03eca15151241b3fddf819b9ee805fc4a

SHA256
270545a7e37eae0163be0b17a0b8764e67dca885497da976c213f282e87e30be

SHA512
220e7fa96d9d054128448d89726d21b8a2bfa0fa994c04f2620d2e4540c2aa2deb1c1494d9a049284caab67991153d0b285f40995b0aa395f6d08125ae74ffab

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-handle-l1-1-0.dll

MD5
3ec2c0ccdb286d8285e5b9c6e810a619

SHA1
23cb177ca3c8ab588a4ff3ff0a2f8a4fe96ba27f

SHA256
8dce1063169505f0a6b1759916c137efb770ba0b10a1816ea43f25ecea1a70b5

SHA512
9628a32eea1c5a65514ac8e757d81e757df0be848fe73e63fab4b7343d7e44319b26a349f655bddcbe7fb9d62717ad97255e9c92668b05aacc171bee159902f0

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-heap-l1-1-0.dll

MD5
57110ef9a54eb6809df847442dc48ac0

SHA1
17db2b805f8087c0ac40a0bf3300cb80d01a399a

SHA256
72d89d753e733feee1d38b0ab8a70d1db14a35391237185d81e4a0e6cb9a0612

SHA512
0e825d5f546b62b69278bd40e58d6cb0124ba0b60e175dff9b919f00be9e879b108554905fd5d46b5aa1a16aac689ef22c649e425b4870d132b22cd9b8b56693

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-interlocked-l1-1-0.dll

MD5
446b40c7129ed1a51b7954c56d6ecf44

SHA1
35de979308ffc27aed1df1a44bf24203d331c2b9

SHA256
feea70d2a092db6e7e594bd8bf90604daecc37098d3f3e370e7b6d5ce9e63c88

SHA512
0063747ef5a9cae0cf112153c0ed1e0ad72233274592afd429019a725e7db89f5bc67632729d2a644563c04e75f932634e199ebe57d3b3e06e078d23fa0f84ab

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-libraryloader-l1-1-0.dll

MD5
fa6fefd941b20423b5756219f969aa19

SHA1
7d3971dfdf492e4aa5b33e6ea0a16ed07632ee6c

SHA256
a0928bdf2c6841690f17ef480df6d4496eee2b84172ca0d7e54c4343a4a09d07

SHA512
cb329930b374de04b5d4b25702443eeba8ff4eceb97685e9c355f5a5bf99c750f4c70163ebbc7e2909dc40555b77c3c6572b692ef3230cc122f5a3dbabb847d7

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-localization-l1-2-0.dll

MD5
845bea43cf7b50dc3088bfbd04a45f5e

SHA1
eeee23849c01d0b309b872eb48fc127e1f8d349a

SHA256
26b32cfca2ef35e35b50223e16f5977f4921777688d2eb6567c7487ce8becaf2

SHA512
0f9b91abe8f6941dc0b44bc507c73596d026621ac4580fa6d66a02b5d474e3578643a6d2a6c1675ef3822787de643d3612bd34f401631bcfcf144a5b3d540d43

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-memory-l1-1-0.dll

MD5
c450fad67f46ae705fb28eaff079e1a0

SHA1
35bf22d03dc1c9cce2a48da9d54686c631488a2a

SHA256
23a1d657079a93b216ff0658b2e7c236465aa24b41000bd0df9b52ba7075ced6

SHA512
c3ce911513f381de367ceb4304bcd869c882952e73ffb6d916740fdb9a5a70b34c0d24f087e932f30839bbe6ec70d0d760c2e3233731c4468d2e6115613215d2

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-namedpipe-l1-1-0.dll

MD5
81f7bd3683b251329d51a1ac210b558b

SHA1
e3ecbc0dc45da9883dbc666dbeda30cb7905a3d9

SHA256
91e564cbaac060c0c95348605cf39985627e0da7a1ab0333c7cdcea06e38dff5

SHA512
15372113194d953dcee0ee86ee881b21e260cb17ebbb822db41d3660a8e30bc06d4e04681f22836c1d348c59804ed0132d18ddfd7edee64d1636afeddae197c4

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-processenvironment-l1-1-0.dll

MD5
f70f2eac45b1d3f3300281f4da6eb279

SHA1
0e410267595511f304aaf21be3ca1308077d2b4f

SHA256
cba8aa70411c8e3371d746fb1e90dd9567cb7d5559254f0486b2060148fb3da9

SHA512
60a3f5a60c1ffe41afa9322557e2a811eaca1a2790ca8e280b572847e88567d5713793b656080d38c751a4e2e9c9dba8059a099e348ab3f0a80336e0c3526ddc

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-processthreads-l1-1-0.dll

MD5
05aaecfba5258c91f125fa737f9d434d

SHA1
3fcc825f9a3c20faecaa849618618666b70626b7

SHA256
7808ae2ff4acb72c2b07dafa279edc61be614adc37b13ceda6e4bcd1c9c7c25a

SHA512
6f99608140491ceef6575b600fe09f71a3f6322c0151083b641fb9e6586cb94c46e3cb38aa374becff7a91398105e586a26ad8c3ba31b2df6a39df3bb072c2c7

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-processthreads-l1-1-1.dll

MD5
c7f1d221773174617749434fe2dd7fb5

SHA1
da264f360503555e4ac6b1a62ff93f89ed18611e

SHA256
189c3b1a6023f52cda2e966b13b4f85b4e70994c940b3a9f395ba053ec1ff4a8

SHA512
709d16e4d7598bae027c0484be8a39f64c8990b44dc293502b3efc57b2e97b2ce668c95451c665cdaca3d3bbd71ac1522f966f3fe63b321c85c7dceca46fdb8b

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-profile-l1-1-0.dll

MD5
4e52568434ba49312df946b540f62074

SHA1
ca4cd04c85468eab825ed903811d7fe61969ec0a

SHA256
25520d24064e57938db20bd4495e377e059b47677de098cae83f17ab7ccf8671

SHA512
66ee410b649373ee7c4c329bcd61c5de02dd61fa2f4dce9049cc12272ada1e2bf337d9968e4cb447510c7c27ddb292cab52f235d54c0937e81caf1af3e4ba60a

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5
c616498406235b6f89484938015e8e28

SHA1
ea0b4cdb8d19e19ecead6530d7fe00b08e8def9d

SHA256
784e47d3ff2844108e287809bc5d17ff370b2172be52b2800c52af2e32f9369a

SHA512
7d8a3db7dab591edb062fe08acefa51ffd9a234194520f01d453ab3efa57178efb1a958b31f5c5b62f2879f17fc5802fc3bf55b803dfbda6a3e0c70d1e4ab88f

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-string-l1-1-0.dll

MD5
22c10881a76ec9ff9adf743b57ba6019

SHA1
ea070a2c02847b018ffe8217467d5b953b68aa0b

SHA256
9609961f24d4f9c776e9069f0ee56f3f4bffb68ffbff442050ffccb70503c45a

SHA512
fea37dc8c570e80a065974b8b2ee59281bf5d6aeb6dfece55f61f23580a7707dfa756c1ceb798baabaf6da63d1e602654e6556c486f14250db024e7cb401cdc4

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-synch-l1-1-0.dll

MD5
260ce6593850586dc991e2335cbc1309

SHA1
b6253543be28177e534ffb1676399ea1a2e9e5e9

SHA256
dff1c97e1ec4b4739c0856de2f524f10cd2ded052bf116b9cb07bac651366d4d

SHA512
5bfac7c69b18ea1f7d8da4c951b8b507340af798ca4fddf3080949fa3d179ac5bbd11ca112a39df466228cdafee4377e8735562afd0ef620af41bd7d8f6947e5

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-synch-l1-2-0.dll

MD5
0f61da055382b4235759057184044b43

SHA1
ba26a72aeacd1bcb87767e1ca3094f73a0b4d673

SHA256
94331ff85ead29c3fc6e8e88bca5f4e5029f129020d52d7c7a5aad14aaa88e2f

SHA512
66aaf0cd85b136573f63f145f9b5d14aab2559d243010849750884afa8e4cc1bb779e57d205dc567707c75d106fb03a269c9cb529f5cd16b2b719c6a8aa2aac1

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-sysinfo-l1-1-0.dll

MD5
f653b23f04c95c58b0e65abdb4ade1f5

SHA1
e6175eec91325131d455df0d48af64170f556f3a

SHA256
49bf5df8872dda012a988b4d4a623ffb227b0e7c8e50a78ed4afda54c5710045

SHA512
f63fa445b9d58400bb5445f63c89eb3b7f08cf3663832c8665e932b6e0f3b592ac46547426da3f3e7ffe630b990e0e14a72821e55a654b9523e520c4b8605fa3

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-timezone-l1-1-0.dll

MD5
cd0288287c6e1defa723a04af39aa46a

SHA1
cc71a9e0d87047b7c6da5bb28aad7527b2b9c2d4

SHA256
006b1e7d72a903697fcd07cdb3fd3402d5bdedd316e43bebfaeed2a2e482748a

SHA512
51dbdf4fd7b384b12a2ff8dcd79c61b5872271c2201c36aa42dbcaba613d81a7d24e8fcae1d87b19b5d50274eac565d536c7765c3983f4cceb59322d88dded1d

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-core-util-l1-1-0.dll

MD5
a74bde4bde894f31f88115a857bfd32b

SHA1
3edb0b7260ce31f1bb66bea7708b99a4b0a9251a

SHA256
689c44b81079d1ba6c207b92964a3ab511a6a9815875b12700def75cfcdbb04d

SHA512
0c45f5494bfc0a9ebfa517d81e424cd56dbd37c22e9273b8d5620be5535b6a68fcc194643b38761978529b77f4cc8aa2222779b8b52515eb0d195d9fd682f593

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-convert-l1-1-0.dll

MD5
0414227ea66c194f15935bc62f6a7c66

SHA1
89abcfb89a3615bb661b691ed19f97e17b4b9916

SHA256
765d6081d075f512355ecbbeca1cb847b44e25c21eb0c9fe1304ad79f52e71be

SHA512
099e5aa1c17ffb0b4f83f30e2aac596f1d0997a48f247ee95c59edca984afecaf0f98cf98e4510a556b3c78b671a5fb030165a449e7af5a6e4e860f493bcac10

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-environment-l1-1-0.dll

MD5
5cfd94d05599a9e022d3c80a5c275815

SHA1
22858b7d570c58682dd7f00a403be200697a18ec

SHA256
09d167a09679bb45c722c64bce4229ce7bb6354cd4cf885b1c76cebed3d98491

SHA512
d104f51edaeb534e5106b06b233cc264edcbe124e28434dddd6ea4d52488f55ccf54c3fd1ff3e422275b73191067b638eb457ba1c183139e3446b48dca34a871

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-filesystem-l1-1-0.dll

MD5
4526f072699bb26c9fa2550b6184f451

SHA1
cfef4ec691005bf90b286a7f0ca51e36c1ba61cf

SHA256
6d43bf40f518d7bd04295e0f5ad0011e9e897744f8f3ee0cd5caeb090f7fb53f

SHA512
4fb95be0d360a9540e86f55a1486b05300228c3c0a4886194632f1494413e0682c19c7539d98111cf8262d6f9ae413cff65eb68de914ea3755338e42b1b7b523

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-heap-l1-1-0.dll

MD5
115d89efb6ab3e3fa249dd2921c86cd1

SHA1
e031a4f361d211982f508a733252040ebe53a827

SHA256
5a9c4964607d7c7d3e871ba634fb0c6c04b8532af1c0481d105223aa835c4daa

SHA512
e183ba953cf75a06a923bcc801433ee5aff35a32cb694d321f78c81886636b71391b241b43519d350f3775da082c0fd5385ad342ea5c7af3ff28133d49a54886

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-locale-l1-1-0.dll

MD5
b773b90c8c3177631cfd11824ccb09fb

SHA1
a1aab979e8c1bfe48a593e34531df9c6a6906f55

SHA256
73811274e32e323d7616110f55baa756f9fbb0e539e015f95893bb278ce10168

SHA512
c93373a7f14d23002d218faf8bc551d7f1d070f886625c5244c8f5c9e5b0c84b5a7e8fd925d7f244836f319580aceb984d7aa9559459d76e136c591c6f256ef7

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-math-l1-1-0.dll

MD5
5e9f33d28ebcc3dfaeefe3ff01b4f153

SHA1
0ccf2ecf197c73ba2df46563056ec79f0f7c22d0

SHA256
42da652abbef152b2f3082f3fe161799d8cf2b895dd03085efe2be2e4a99b7b8

SHA512
9dee50b29649b9ee76a8ceb306be4bcc713014fd02b90af62f0fd94ea06088618371023f0c584ba73058f852411ca9d1d69424c6f99062c8fa2ee833df0141e8

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-multibyte-l1-1-0.dll

MD5
b605721cdc3be075649eef17c64ad1b2

SHA1
45902e73826267604d68a572c7e96cbdbea82215

SHA256
92dfac7664df41c7fa0e105f25aff5340a2a65afb3fd7cbd9d27f94d32ff69c5

SHA512
cce0ed93a010a7d3176aa8b77d06ecf235506691bc7d72ad1b2f9c5563b9f6d079b8d7f816ab58b037fa59c7f2cc4cb361fe9bcc278dee6bba14734bee4908e4

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-runtime-l1-1-0.dll

MD5
f502a02744c01fe010c20f55148c685d

SHA1
dd70de11620aafe04e7b8f544b06398b71593475

SHA256
6305557031e991b7afe6980192bb715b06d3d10a6bdfa96aff93b65d9bcd6dee

SHA512
7afd38eafc779ab5cb5fc01b8704e883221e8d143f95ea96c494be8a3f3564aefff88ae4f88445f1668b159be43b387d56edee4afa301857809e960d51c9b6a1

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-stdio-l1-1-0.dll

MD5
285e9fa4e70b15f59d7d14cdb061bbcc

SHA1
c55d685fa38a58532d05839790efcb5d74e64e5b

SHA256
e22783186328d4b7deb59fe11712d585508a192e29547d3ccfca3f67bb454229

SHA512
0aafa8e5688f0a3827c34c366246b1783178fa82f06a51a31dd482761e30abd84cb51487a4f51ec10fa2c28d613a0c138e41ba7ec878c8cceee295e54ed82e1b

Download Submit
C:\Program Files (x86)\JiKePDF2\PDF_Convert2\api-ms-win-crt-string-l1-1-0.dll

MD5
9c806af44c193729fb7987cc1b06bb1a

SHA1
f744d6e57594dc1b9801ff7c0feb2714072c6165

SHA256
f44d814f404f951bb13e3421e977b3746eccf9bac2cf80733d4159154b124af6

SHA512
e37e2156fa04a8e8892ec3bf8b605f8c8effeb0bab7ea93695b375bf675380e8232d29df3a40ac1f6f30af008cdf0b344cf10471f12e36b208bde60db663afc8

Download Submit
C:\Program Files (x86)\JiKePDF2\jikecd.cat

MD5
1edee3c48ff3e1daf8155cdf891bdd12

SHA1
fd3e0fbda99963d33120a7484a4e59ca4f959db5

SHA256
9ab1de4cc59e39d54780966f93bf8fca6fbc8edd2b8092ca5545350e6a0b150c

SHA512
385a0aed3ba386732f09b6ea54635d45a3c47b27ddea398c474c6c5a86f0e383f48bc8c4b31800f174346f0b9683f813ad2460e16de641239e36ae95734ad4c7

Download Submit
C:\Program Files (x86)\JiKePDF2\node.dll

MD5
eba2754f5b8965073733a98976b2efa8

SHA1
54c56b5d2953e04ecade84b1cec66a0da904fc31

SHA256
9eb3cbc3003334f287a12ac9983e5b7ed5d7e1179055be8cbbda5b33581ded22

SHA512
0cd6c18f80a281881cc9b1cb605a4c3e0a43e2499943fd07a86bde708124e79c9ed07685e90e78c343b45ad6c59fda36fbe446c74b968fdc50733e7101d61763

Download Submit
C:\Users\Admin\AppData\LocalLow\JiKePDFReader\CfgPath\Use.ini

MD5
d86eeb732512dfba7ee9aa070ec8178a

SHA1
d012340ef6625c5a6e6c73ca1bf0f4a0fe8e8eb5

SHA256
d1ced104849fc9792cb0145b8cc9ae21cfb879858377ada77c85eff01ba7ad68

SHA512
c08ac9d00ab03c6374cb7ec29de7507534a1a60920ac45d970a89a07bec09a19a647082d4c9266e62358381000b9935681e4b888a0d7f1ea50711e77cf606488

Download Submit
memory/1616-185-0x0000000000000000-mapping.dmp

Download
memory/2096-186-0x0000000000000000-mapping.dmp

Download
memory/2376-184-0x0000000000000000-mapping.dmp

Download
memory/2716-115-0x0000000000000000-mapping.dmp

Download
memory/2716-180-0x0000000010000000-0x00000000100E4000-memory.dmp

Filesize
912KB

Download
memory/3936-187-0x0000000000000000-mapping.dmp

Download
memory/3936-188-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download