badfaa27e85fe1db685e88a975255fc0e4b5e4b02470c639ceecdc69ae21e223

Analysis

max time kernel
9s
max time network
118s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 05:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

badfaa27e85fe1db685e88a975255fc0e4b5e4b02470c639ceecdc69ae21e223.exe
Size

29.0MB
MD5

45c1d011b44db62cc95e4e84a7599587
SHA1

e1dadb1f4658b63c3f3db7598afff7bb2f79e6f9
SHA256

badfaa27e85fe1db685e88a975255fc0e4b5e4b02470c639ceecdc69ae21e223
SHA512

6b2f8da0e7190b4e673d18ca5e30b68371dfe490e97ec069109a4b6929ae0439872bdb9c619903c9550dbd73d27da49f91174b6940ffc18edd21e03603639a83
SSDEEP

786432:2CMnvD2PsjKwDwKG4OPvy+fFQGyBfoTcukQ:Cb2UjLG4OS+f4ook

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\badfaa27e85fe1db685e88a975255fc0e4b5e4b02470c639ceecdc69ae21e223.exe
"C:\Users\Admin\AppData\Local\Temp\badfaa27e85fe1db685e88a975255fc0e4b5e4b02470c639ceecdc69ae21e223.exe"
1⤵
PID:836
- C:\Windows\SysWOW64\cacls.exe
  "cacls" "C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166" /T /E /C /G SYSTEM:F
  2⤵
  PID:1112

C:\Users\Admin\AppData\Local\Temp\BDDownloader_Installer\1.0.111.0[2022-10-29-11-46-24]\BDDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\BDDownloader_Installer\1.0.111.0[2022-10-29-11-46-24]\BDDownloader.exe" /install
1⤵
PID:1992

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\BDDownloader.exe

Filesize
62KB

MD5
195aa9284478b7f2444f8826ff3c00af

SHA1
f389dd484407ced05e9464027afe5b406ad71275

SHA256
c282b05fd0b5797d049ad8320bb033476fc59cd2eed5ee9e892fc68be00ce9ee

SHA512
f6cbe12e5dfea31605e2fa2ec72c375b3f28127d1c267fa70c04e5a53ceecd0f6e48139a464dc3370b1b5db3224f82a400e7962aa357119ef1eade309700d299

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\BDDownloader.exe

Filesize
40KB

MD5
5b3cb643270f9ba4ef808e7e61733761

SHA1
4b536b51ac5aaae288a317b6358786049ffca7e5

SHA256
7427c7a80451f4c298a90d3a3c2db86c418618e3ed1cdd77256df7c3ab4c70c7

SHA512
7b2f84e2d61f680552ec0a0f92df15b365a5adf1299ab5d128ffd4e65356ff1e2d58c0a4cb8ce7d9df2e3d8ab79e48cb443b867218dda37c0176812c4f5761a4

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDConfig.dll

Filesize
99KB

MD5
93055243034f762fb3aff0e1faa64d76

SHA1
b26e35d49f8c065518e750ae44d5b972f6c7899d

SHA256
9dc3cfd4fdfa00806e228adc6a452a13873b6b65872121509256356aefd1196c

SHA512
718fd20de713f3c0ac8a186e46f5f529984bbf92679a5a173b195d02050e0ec75941fc79b59f6e21b58353d4de20c88c14b5c720b2f9e3c2342ee8750c2c1009

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDDriverFixer.dll

Filesize
71KB

MD5
e03a8d4491777749ca1b59d6ccf95086

SHA1
04ad59f03f3f4fe5b916f8a420609e24b1e9540a

SHA256
1e522814b3868a38bb9f562933a6f9476cd5926da6c9d4dbb64172111035be77

SHA512
3633babd0cc38964216c452ade902b7afbb923cde326507ae289d0f496a803a586676705b5e5f3c6a06d25e66da3526f0216838e02ce7bdf1eaf1884910f0d4f

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMAVCached.dll

Filesize
68KB

MD5
6d850a05d022898b7b20d35ad84f7c48

SHA1
7f9033124d94a72a01a23f498e5e812e8a66266d

SHA256
b12675496a499ccccef1ab6026694f128b1f3853867c016f89b28469c6ccb8b0

SHA512
a54bcba65aad2046d7dfd3126c350e0b38f45b03422da6dbf656d7218f93cb3c36d953a35bfd0ed0b9952518580a9cbedba63d2ebc68cf0f766e59f7a36cd734

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMAVEng.dll

Filesize
38KB

MD5
c4a5e79ce557720b06c2138edc33be7b

SHA1
bec0b99fe15d4898347decbced19690037caf06e

SHA256
d483be824742ed103ce381a5ea907914f7b5f7e1694114e76c85fc9fde2a82f5

SHA512
bf644c6f4a2ebdf0a2bc5b6735d4b0c4a83dad070c0b3c66bcd1d2e20c8bb6ec393f50f646a859e42521762839b17e001090034eb81c0540ffe95da1dbcf9433

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMBase.dll

Filesize
61KB

MD5
c839324ed6371db76d1167e471d15af4

SHA1
ba3f838774a3e3f8a0641fb01889e7f601aa2225

SHA256
3bb48be541719c59e44a226701f32e83f2141fb8f50c2f0a47c8ef63e19adaab

SHA512
68b6f1860766998d61eeac88f35c0321fd794f42d3b05d4d5fc2b02875edb26f05b7e58aca7b1d87e30bce6824dc3a1fe90e2b6fa154d9789c49e075e2583d71

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMDownload.dll

Filesize
41KB

MD5
c82d8ea2eed6dbf7c36bafb5ee1ea2a9

SHA1
737c29b490da0bce9a3a88f39be00fddb3d5be1c

SHA256
0b10ecca1494041439bbe7f86d594cd5ed3d74b0b829202a52eacb46b8ebf208

SHA512
f7e2e29ec048f3c8642724cd9a5bd5076c85bae33ec903c288391dfc295d5406c58d2d9cee449c2a487dc8b1673fb0e5cc96d16ece4b1f367c8bc1e6c268a47c

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMFrameWork.dll

Filesize
55KB

MD5
aba26deecb08e09b34abfa4674735028

SHA1
255df2ed891e471c54c5909427fbe1382fdc23aa

SHA256
2a3295922186979ca13234a5ee343dce1b9485c15ac5c317410ac1af90e36834

SHA512
94ae2728ae5f2bea729a07f300ed01b11869a825ea9515813bdaf71a6b4b642962e5334a6eb39be5dc14d1fac684fe1bfb2f3394177ef4fc06059045dfdbbbd5

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMLog.dll

Filesize
42KB

MD5
dc2189e924a621e330888fe8b100b7c9

SHA1
578ec3710da4ef2b9836927ac9dd8a5a5257f085

SHA256
423965b682301ad630a196aee044938864ac731393506535030fb7e08d3a97df

SHA512
08629bd4553374ef72b770d1973565ab123aa5738b9b06b60105f7c9dfd2509f90c8b87ee20f10a1510b8a733a57952740e1ea8348b00bbe6623a5d6d72c5a95

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMMsg.dll

Filesize
32KB

MD5
ea3469621cdbb021058472d73f0cce30

SHA1
30c5ef7340c84944574cd5528244ee5c534005d6

SHA256
31f07e5c73ebeb40bd93c477fb94a2a34d5955539e5ddc2b8b4e86fc4c0a72e1

SHA512
457c4f813ec78c1b92b93ebd3767427f8c72b1bb2b9bc2541d15e9b8ff326c94eba096711998be7d344323290df5bda4463b8fb8fcd60cc2085af9917de6b473

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMNet.dll

Filesize
21KB

MD5
7caeed2079783b041894fc594381f6c5

SHA1
764f7aa5adb9570a6002c2ba5320eed227e4c491

SHA256
188964881bd48a0f203a7d706ee7a940de4fe69080d8c82a5f6f700692b71d0b

SHA512
2bbb4a5aa91d8d1614a12447b084bdc0d2e2a6904f958d2737806662fd9113a98a521cd96e22bac7fca65653a6e03f6176597c2d13b872ffa1df6100e78eac8b

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMPatchAgent.dll

Filesize
38KB

MD5
4a9f4299ec761e2ec18b21fe5eece7a1

SHA1
a1734a0e28b1af43e337a0ab845aa85ed64b00fc

SHA256
0464a3ce8ab71b43d23d9b0e104229c3b741755302b1b63a6c20602fedee2fa8

SHA512
5f309c57d655f528119f10ec630ec45b5e7c366323b1cc7bc8766f0a11e7073dcfaa2fe204b134b2f3ed3d300e04d43dfcd2b74ce0ffcc6a4b75ae213fe672cb

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMReport.dll

Filesize
34KB

MD5
85be39e7270494ee6751804fabfd2130

SHA1
a9439b5b69b93197ddf017f55889443537e6f1e8

SHA256
f8acbcbfdfabb75a83208ed5ae140e5f6660d617ca4489b159cdbca367cc1d15

SHA512
bc013c1abe231caec9e02ea79d09f130d2cd6db24a8715e0abaf6f4d6899a66d8eaf16935557078d74acf3572df5a852a29c9ddd6fc658aeace8ba987a5ee621

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMStringUtils.dll

Filesize
62KB

MD5
8d1d9eeb273a3df2d6b2ca526b6adfa2

SHA1
d10b44e3a6c16a8cdd32378a8da55b18ac05dc2e

SHA256
539bfa7f63ac75108721b71b287e40629dcc50b296e438294e94370b92488f1e

SHA512
7f30f0224085c600ced04dec09da0ed60132ecb291b10a80c35eefa774a7dd7088345787007f88cc453cbbe28f715228e80a18d5c9cbf7388877971a43fb5c75

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMTinyXml.dll

Filesize
55KB

MD5
885b6882950ac0512af8232f299b3cf0

SHA1
1928b82d5ba1eb5374de040f5e36e718c5d3d18e

SHA256
e7de4450fcf7f5743f9d60aa94e6ef6c0031a92cc347e525efae4da9df908685

SHA512
7c13bf7fa69011715acc875a0b71a09fea6a3fd03e584a493ff9029bed68adc65d4fc8143c0f00f7622aa4eba1c0b200d2d2eb6d0979494de4cbe4c64899d4bd

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMUpdate.dll

Filesize
59KB

MD5
0362ee3fda8ee017b7b9266aaa437732

SHA1
79ab93abb7b73d74df046d83d3d4ec7a5b9ea8a7

SHA256
d4c661a466826eb250dd937bfd0464f6165128981fc7acd0de1535f0c225c2d5

SHA512
7ea138fe9d15fd2f4dbb5e9ae4302a8df3abf93160e86eceed3597ab5009b0ffcc07754c81340b4cd94dc1a81e180ccc102a6cc8bc4661816316fb3d10ed97a3

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDPerflog.dll

Filesize
53KB

MD5
cb684f7345f4b6043f8752027e08708d

SHA1
b1746db015a838f1a03c536d2b3de4262a60d085

SHA256
3483c5b1f855cdf778de81e31dd29fcf9e0bb0e63c9c70abc98be97d1cd1c6d3

SHA512
227717418edf6f4c3fafde74e15ac485a398ec8b630bc5cfc50de22fb627d37f01f2b04159e43525cfd0b3e57589e782561f20115fa378fb05d1c93e7e63865c

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHips.exe

Filesize
62KB

MD5
6455fdca5559b84691ac958796cf233a

SHA1
3f641bed899ea0e7508987131ca45ae3b7f25167

SHA256
888aa88e46388ad00adeee5393ce7d1045633b2b9fb5d36cc939b82b97962486

SHA512
aadcf71750685a264cf9abe96f39cc248d12387a3f526c3ba79b5d53e1e58349477e82beb627366b7641ed39fa218f48605b65d5aef626e69ab7bd51b4276009

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHips.exe

Filesize
50KB

MD5
49a28673bc8f76a6702dbe2998f328de

SHA1
ea4e2013b17abc2220ac9dccaed42e7d58c21d1d

SHA256
27dc84e732c0178763cda84c773111fed0ebbe8953bc6e9fb56185929cd48885

SHA512
37eadefabeedccebea71d8a6212f9500555f737f0bf393d2032e3416b0bcae55053eee270f1d1cb70d9d493f756b2da895ead8779cf1299ccbd61f12100e68aa

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHipsBugRpt.exe

Filesize
38KB

MD5
2af889f75107b0bf64b3612f856353bd

SHA1
04cf70a1218516ef0de8bc877e1040f550c76162

SHA256
fe4606f37dab48612df3860168422d95243d88ec102fa05d786361f2d1a93f2e

SHA512
d87061e87f22fe9c69cbacd359eaddb5cc51cff4b1f8bf92fecc49fb14649a951456994a2be1ed3aba63181baaa248a7c43ce2c52cfe2465224b59fb63c523bb

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHipsBusiness.dll

Filesize
49KB

MD5
14852e2579f98cc161bf8f6e4efa61e7

SHA1
8358e2e3687cc015a9d9ce33c0a6cd3a364ccdce

SHA256
88775ee6f1c923d6783b2f1b9e2d3d1b8e44b53289065bd74f81fe175a135334

SHA512
deab7cfa2e5cc20fd26f1985aad39051e0d821a77c5b44cf9a228b9a3af92e28ecd63d58253f0cae471cb4eff1884b56a7ac743b7fd09ff2e30d5fc94cbf2f7c

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHipsCore.dll

Filesize
34KB

MD5
363a98788a3306f2bfb57184d3665137

SHA1
b441f8dd8e969f56279b99a36a788df2a738fed3

SHA256
5ae016442de95abc52732c282767c99c0d028c277ad48713084f5866b0097e84

SHA512
ce03669ffff08815e869f4e45f153cccf3705cd753bcbd3464374ae983af156ecb5ab357b46bc411c14de57986742c8700674205fd0e9378b9e66c38bde802b3

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHipsIU.dll

Filesize
26KB

MD5
95c2606614640dfeb8fc89b368f05742

SHA1
9f22148e3133bea90d26f392483fa83e663ab50d

SHA256
b16de806ce61599fedcc9182088021bddb420cccd6c989b8fefa3d8532851d67

SHA512
eff9629394456d8305554b6139ce4997968dbf813491e00b97fd896b7848a05e0fa9f5fe1c1745b6f5c425ee9f589f7613cef4b40ef6c22c69a750ae5b4eb310

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHipsUpdate.exe

Filesize
36KB

MD5
83a540ff34154c02615fe6bff8d9636d

SHA1
63924b1106d57cfbdf6bec7e5b850f4f98ce7872

SHA256
5fda191637bd00fcdeb9931a0afb854466bf8a18cb7772d648e607c79e3d54c5

SHA512
22835ead6fb2afef1d279f406a2d8ab4a475e76c5b89c979f78b1502218d350b0b734026c0b7b05b7eae5607b0623c6e1dda3646e5b8f0421910673d64248273

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduPrevUIn.dll

Filesize
42KB

MD5
bcbea50240799510c528c2d82b789a72

SHA1
e9650fab9e3535c3572f661e10acf284898ed885

SHA256
e8238a8aefbc79beb2f25cdbe01a3ddc3e34f88e38cb685633985e39c9b10ffa

SHA512
eeecefd72bed1c791cbc86e64247ff2119d71210d0b8c01228559905179a5fc797535bf6445b078bc43366cdd43a722047e7e8880f1275c4e70de807ee17d87c

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\NetService.ini

Filesize
615B

MD5
8c8c8226aa35e68a7a6b1606dc7bf83e

SHA1
25c98df709ace8e2cb05b85badc948238e60232e

SHA256
38a45da1fcb7bd796d99cd6569e48ce7bbe4a655cd7a0a82e7b1a55e8bd1cc9d

SHA512
03b43cdbfabfd4b794e25db5b20fcfe2dbafab8996b5cb5c6c4f3486221bc0617165a1316dab29a49a2d0c649850a6394e61692adf14bafd6398312a2acd35e4

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\ad.dll

Filesize
44KB

MD5
6144fd657fac33d61ffc9bdce43991d8

SHA1
c178382634f3ba4ba5b316090ace00abe8d72eab

SHA256
bb44e59a3d4797e992167009b36bddf59b9f3f46adb89a793b2ce50d3a839d8d

SHA512
5c15320114e6e97814094b8d8e66ee89173601dc3aaf2619c7173e4e29b63897c16f99a286d610ad229b6f1d6277245d89ae1570fe3812bed3f96789770805d4

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\bd0001.dll

Filesize
48KB

MD5
4dd3d398e8836a26b8376b6b493be702

SHA1
bc074aa6100304dd88173e623ec6d0ba8632537c

SHA256
a01faba6b56412054be408ec64cc520666862b9d12e67fa074addc5f09a4a7f9

SHA512
a2d51546781d7c13219baad91704d0c4504e614e08b68eff20d5036e4efd51cf5e7e1b6ed3c96499f300d1badf1c4aeeae73109f20ea90681f3c45d9ffe0bbb2

Download Submit
C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\bd0002.dll

Filesize
44KB

MD5
fb8d31ae5dae3f59b722f52579ae3a21

SHA1
fb286462f578abea176762313761bc6c54e8f24a

SHA256
69406f5268f6316443d23f7e327e6950ee7cc996e18cd8fb947980dc9f4f8078

SHA512
937ad55f45f20a7798ee0806844fd74f0b4fd202dcd45addbb1c249c20a1d8738f35e448f50e1bdd75a3d99e46fd42a0d472cad25a1e46c58c4765de135268fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\BDDownloader_Installer\1.0.111.0[2022-10-29-11-46-24]\7z.dll

Filesize
38KB

MD5
c9e4249a9e5e5d0335f26a5b66bd8b92

SHA1
22f97a924d0677a9b842f1d3565685f5da77ce95

SHA256
1ba4acc03a6842acdcbe80ae0bbc47ba02c936f6b473b02ef9ba83f7d047daae

SHA512
d48339f11830419d43749152820c47bf91fa802911954b5673c58a613250c2a8f5ec5fb9fe83fc988874da7a12b13c1510fe58abcbd37ba439626e1f94d6166e

Download Submit
C:\Users\Admin\AppData\Local\Temp\BDDownloader_Installer\1.0.111.0[2022-10-29-11-46-24]\BDDownloader.exe

Filesize
59KB

MD5
d74173874630841dbf66406485f85359

SHA1
e91634ec22eba8302cf667d166e6a9b3f15aa75b

SHA256
9d2b2d3e11f73fe900533e0a4532bd6c1489b76b5275374c29fed54f3a760908

SHA512
9e6ec903a8f7ffb9eedeff4d76f76e57bc18ca61b0024bfb455991f295b0f938f272e2d27be7f4d4991020519033fbcf661541dc29cf0102932a4aad59462613

Download Submit
C:\Users\Admin\AppData\Local\Temp\BDDownloader_Installer\1.0.111.0[2022-10-29-11-46-24]\bdcomproxy.dll

Filesize
43KB

MD5
a4460da86c41535d13af0ed1137d275c

SHA1
01083db5a1179b830d04bf48170cad20643185d7

SHA256
5f39f0c0bd438d3947116aa0d54e3d646fe7c1fdeb9d323c31e14ec56407a56b

SHA512
5e174c106898f3dc6108dcae4a63b2e2ddcdb2a0435e33511764c92e38cbcd00a232693a2c497b685b3c3a3b1b37d3133115eaea8f41975f8d70cbcbfbd55606

Download Submit
C:\Users\Admin\AppData\Local\Temp\BDDownloader_Installer\1.0.111.0[2022-10-29-11-46-24]\bddownloader.exe

Filesize
34KB

MD5
b3c0be53ff821ea1b45090277375f68c

SHA1
ab7b89938223505362b8369eebd68f94804809f7

SHA256
6b08c45237658f450d261bd4231247f000baf6a1d8029f90f096fb13b7ea5542

SHA512
e27ba7b53e10b9820efb6d8ac6e2130993225481f590a9613e82e38fda0d27fbeee6ece7fbc080573eaaa3941817f322192278c25096ac5e47da0f5fdac0252d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BDDownloader_Installer\1.0.111.0[2022-10-29-11-46-24]\dl.dll

Filesize
53KB

MD5
587ba2952449decf7a3f00155670335f

SHA1
3337725aeedebc97c154173a08332d55588fb2e4

SHA256
8e9f73df181c3eb27ae67d810015bbe222af93b2bb4c0e5deecba426ec87ea2c

SHA512
f0476ad8e6e59fead718321bacaf7a47a24390e786b9dc392e7ab6e293d370da0a758cf50297f181bfc5a5ad2d0bdb4dfa49b1b5f6615b000046188532e10df8

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\BDDriverFixer.dll

Filesize
39KB

MD5
167a36ee1a20e699d597856b9fb29f13

SHA1
ab94bf9becbc54cc8356ca0fc12a4810f2fa9633

SHA256
b07c701e4d3b48daa5eb8122f724a9e4a1927e7c3992ada586c8e2cae9b3fba1

SHA512
58bcb724ba577f04ad57476371ffbb1f3371baa3b04b9c78e9f75e29cd9a852718a2d00c743f75e0e53444394b8622e8cb596f597faad0c1ea75def77bf4c30c

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\BDDriverFixer.dll

Filesize
71KB

MD5
328083981ea8fd7110c12cf49a9c2bbe

SHA1
fcc861b218c19bef940b0bb1c220151f56c37351

SHA256
a3f838bfeb0501d40b068da96d099d80ce5ea7075b9ad37f21a179087eb7e03f

SHA512
5f19faea5bf2444c4ecc8d53964a544d42e5b3e0b57988353dbfd30b7a9259b8323826c45a916855058faebf8f7ccc778e147facfa9091f458aa3e4e45238af9

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\BDDriverFixer.dll

Filesize
40KB

MD5
5438d7e0fe525cfd13bf69b2bb07c42b

SHA1
76095da577a7c345340b5577ad1e582661bae808

SHA256
37f152db9a504902db2ed9224d1fcda55e289ed11e34a78e49fc6c32b7e20842

SHA512
17845b5c16dc3fe5d9d44a5e60ad85f8da00f99a4af24f1a103a5f48c9981d62a8fbf836a76551fec6e33eb6372be6ba842bc75f07ed46ff25d514a9fb862630

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\BDMNet.dll

Filesize
21KB

MD5
fcc2ee3b0bc27f6902194a407bed1127

SHA1
440b2ba81ad6da06165a2ab1afd4589f4ce99683

SHA256
b038b038a49b4e1a7ecd31cb64d9603e01154a52b3b713c87fd0ad676f434d1a

SHA512
d93b0b5b897fe0641f05a10a063fd8ae112ee1c1af62a6d6abaf439d178a8d82c93c816db92ab4513f7a68fbcea26cf6139cb25df542b57334c4440e7b62c05e

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\drivers\BDArKit.sys

Filesize
35KB

MD5
57595a60516165c84105f4b54961f17a

SHA1
d0890521acc85d6cec54b240e568e58fdd8ba21f

SHA256
638466758f32bdfea1527fe13ad1931fb3803e88513714127f0ea89dfff97125

SHA512
f676a8f3dc30adb21b3ebccdfa0001391239fadf0d97ad06c926e697772f61884b3eb450958765ae8ebd6b67142d39bbdb079d31c614140da7c2f5797d0cbd19

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\drivers\BDArKit.sys

Filesize
20KB

MD5
643af0fb5386541616ef1678fd64d394

SHA1
1ecf31ac54c7feb0be375c1935004fa962fd3736

SHA256
eed5c56c68eb294dabb109f24b58300cf6ff23569097622a65a7e1bbb655c99e

SHA512
40a56e30d12211204dd050620b28a310328ccdae123aaa355ce73306ab423449e4c58b64fd95566a31f2ce75388a51d7e69762bfb1bac2df1c216acffd2fd929

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDConfig.dll

Filesize
39KB

MD5
d66cdf28e9dbd620e32bc15e26d20048

SHA1
0c34dcb5295bf68691125c9cc81c460a17923f17

SHA256
b296a63a16954eb74d4e88c6ec2c90f2aa1bea1be1be23822847272efdcfc009

SHA512
b4f5a2f0740aa17fcf6188b4c4aa95d860119ae36b89edc6ce75aee508bcef52b3887af58f3ce2931fc9b82846c0f0983b3e34803abc93d120396bdb429d1812

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMFrameWork.dll

Filesize
92KB

MD5
88fb05ab0cecb0fa5a204765f44430b1

SHA1
42f4fb005e10158023af9801a37e328e5078cf18

SHA256
f48eccbfaac187f9f7c905d6cc5ac035abba02c90d2c9d0d0b2968f66ea1ff8c

SHA512
8f7fa3dcab2d19763b4285454b2897b6f3683dcb8cc61e0c29770b7d664b8843487addb6fbba059de3c416e834e392232b941f4bf674d0c1076a2ca5bb896c6d

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMNet.dll

Filesize
26KB

MD5
df10b4af57674a01c093082739b61154

SHA1
f3f27f2668f947198a161cc5058af1495d82e807

SHA256
6e413145677a1ca45ceefb0935b6a9b3dc893bd211ff903cc47c61788551f510

SHA512
8b2f7e155dd241e5c861056498eed0c17c02ae4821c6f418f00fe53b42bd840fe552455b1079a3f8c096a6a7f99527b45972c3f18bbcf6641748e194462f497f

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMReport.dll

Filesize
42KB

MD5
a8a82406a0d485cbe17bb2d8929b9bf7

SHA1
9ca829df8c5bee26d252a6c94e802882785b13e4

SHA256
8eef83c18dd907aca5b4ccd1b703b6bae1cb216f601f37b3a53c9ad9e0751121

SHA512
0871556f8eaa57d7df59d3340760faedbcf768bc29a6bf3f94047557fcb68e95ed0118a0831a31400a545fa3ecc448efab414d7651a7a97957ab22c7b29d9e42

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMStringUtils.dll

Filesize
62KB

MD5
8d1d9eeb273a3df2d6b2ca526b6adfa2

SHA1
d10b44e3a6c16a8cdd32378a8da55b18ac05dc2e

SHA256
539bfa7f63ac75108721b71b287e40629dcc50b296e438294e94370b92488f1e

SHA512
7f30f0224085c600ced04dec09da0ed60132ecb291b10a80c35eefa774a7dd7088345787007f88cc453cbbe28f715228e80a18d5c9cbf7388877971a43fb5c75

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BDMTinyXml.dll

Filesize
95KB

MD5
23f78495829ec56d07b4f3866b66afb1

SHA1
415fb00dda95e0aba1619535615a6594158a08c7

SHA256
e2420c77c5b8f6e8abc1663a4ae535b453757a84081fd09fe66be72d0a0d375c

SHA512
19849cf9e45814662aedd1cff2528546e1474da6845dcea508da846b4e6a2d43e10ebcc8e3c88705370e06375e5e657b8f2e129208f2b481da89e8840894d1c9

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHips.exe

Filesize
46KB

MD5
f09b39a67bf96ec4338dd2be845b097f

SHA1
d325db561b499c9bbd2870286c15ada3b29a095a

SHA256
ca9ecf908a744aa0c4f3bd74c9f7004884dae9fd5c9be7e79ef5234ec3cbf330

SHA512
17f2872c24dd7cd16403571aaf1207159a1543d12f56ac07b6cfcc354752e606fab4f29f181701fb2931e6d9136d9cbe557c07d158ff7667af6e54a5daf6fe3f

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHipsIU.dll

Filesize
54KB

MD5
c139850ecf5656bba2a6aa2c4a50e247

SHA1
63962dc73798adf52e00b4367f9c489f89aca712

SHA256
7d32ce549b0ccf6ccf07c99ab3f7ae15d2c435aaa4979379837b5cb24f3dde5e

SHA512
230431c7938b4af991ad7a420267efcd040176ccf5412b50f0996a6dff7df42a982e3c8dc711d4070438657e6d1e7bd91d5103bd4e7c03e336161f58117c2dd3

Download Submit
\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\vatl.dll

Filesize
6KB

MD5
7747b0f717bf81cd2234b871965dd934

SHA1
4175f36a5bed0e9d3ff5440b90c9d95011f9fd32

SHA256
ea3d6ee609a0e65d99df5a88eee4a13410b6ea79abae9be180d0a0652ce80c12

SHA512
c5464d69d519ea44be19868c4ec8e9dd934f486e4ad4fc9c5e3505d640ae3761da5fedd1d467ef2809b696d76067bebaac2b7778f294ecd7ebd9a885d12f2a8b

Download Submit
\Users\Admin\AppData\Local\Temp\BDDownloader_Installer\1.0.111.0[2022-10-29-11-46-24]\bddownloader.exe

Filesize
46KB

MD5
8b1638c1f39c06adfac07559dee88328

SHA1
d374ff50c7a64848126da24856b71bb1b0463aea

SHA256
ac5fe0f46296218946004dac68ca682beca630ea946eb097164e758b6d3b7dfb

SHA512
a7de7c31508819b2accdb4266665c83173dc216cc35a53952afc6be02c0308a915317a39716fef61528d2739085c15ab08971705b4aa485142767406947534dd

Download Submit
\Users\Admin\AppData\Local\Temp\BDDownloader_Installer\1.0.111.0[2022-10-29-11-46-24]\bddownloader.exe

Filesize
45KB

MD5
93e0706a9cae8198d3e028051c7b92fa

SHA1
8738238a9606361d72f0284996cbe7acf56b08b9

SHA256
afa57bcb9cedf26ab35bbe38e4066ac6477b1f47b79170f15cf258b483d33845

SHA512
a161c7b436a869102db4fc923483ad93513f2abfaffef9025359990ab5843779654da8209b5a7608011d03ba40474a34179c4d6b55aa136be7aa9cf9eb45114b

Download Submit
\Users\Admin\AppData\Local\Temp\nsd5C17.tmp\GetSupplyId.dll

Filesize
39KB

MD5
32ec6e03bcf9c6f54c4f7b91ed7f5d94

SHA1
d84947d74c18f2d1e48d06222c8d1385de0a41a6

SHA256
f677bc40be9eeeddd4fe4e5e677f5ef05724239149c6f16cb8c1ea0681fb2878

SHA512
15ee7c4e153f2f906c6d90e7e854b68dd044d10f1c2d63cb5c3b41bb263f8b791d9c43d791bc8069f9732daa3768dad18756f0b5ca2095e9091ed53f1bcd3a96

Download Submit
\Users\Admin\AppData\Local\Temp\nsd5C17.tmp\GetSystemVer.dll

Filesize
24KB

MD5
9f3a7d7beface4a8a4aed5e197dfeed2

SHA1
412e595c0eb1a31dc09490c5c27f8fb253ca7af3

SHA256
59867d92ad15ac9a19c817ec6d8eb81eed1dd603249154d1971e1296192dcc1b

SHA512
97721a2eb56aa27fd859ab7c0c18a2f2cab0ca37a7178167791b13c69b23ca31e27fd99c884ae213a41de67dcbec6c3a22b05870bb0e7bab4194bdeb2cb044a5

Download Submit
\Users\Admin\AppData\Local\Temp\nsd5C17.tmp\InstallHelper.dll

Filesize
13KB

MD5
e72cae4cc9d0190c79546182b29635d3

SHA1
d078863dc1885b31446b5d0329149d7b20cb67ac

SHA256
e12cee54adbb05f3e52424c14eeb8c5263f4dd7edc5932dd73f29c7b5900d848

SHA512
c67989ff5908ec488b2358a26dde6d5e3865a38cf0249480999245d7732fb3e3ef0207f4bd1ada606caa1ab14e75b7d5ff8c132661ebbc61c4184c35e6dd4820

Download Submit
\Users\Admin\AppData\Local\Temp\nsd5C17.tmp\System.dll

Filesize
17KB

MD5
0e6b71e8a420759cf192d24f58630d90

SHA1
e777b469abf9af3091bd91ca48f15b4de0bd45d3

SHA256
3df3ddc83c85625aef09383408bea5b18ea573ee77b4f5125461fd1e507a9487

SHA512
57d0a8cb7595108973cbb0940e7cf4613aa1015a884d840a62aba935289a0f8d409f2848c45724de6855d4161b93fcc3b1110cb8690292f9440879b7e5919df6

Download Submit
\Users\Admin\AppData\Local\Temp\nsd5C17.tmp\nsExec.dll

Filesize
14KB

MD5
5c8c57de64daea7d3098261c76888067

SHA1
5b69091e79a6611e97e12aa208283315f64b4231

SHA256
d39434e9e0388d4b8e1b0b57b6fef81544f9a9db64c4de2211077b08d13ce853

SHA512
b6a19d428214b5f88fe985f8f2cb0cb412542267d67141daf958f5c78a930e993dca288a95ea2417c9355dfee9c6e556ac17150c1eb843ae3c2e6f7ea9475693

Download Submit
\Users\Admin\AppData\Local\Temp\nso7A80.tmp\System.dll

Filesize
17KB

MD5
15e005dfbd1b5040b857ae847114465d

SHA1
b4ed7d43ae94ef71fdb8515317c604faf9a9af27

SHA256
d9069d550a357e0426e319283cab8efce891d2c87e106fc0e93b95a990aa5e45

SHA512
49e8fdacf820f166f709cd615cad09d114c021f7890e7fc91380d2f13f7dc3b9c2c30bd5b4ff276b76a9c51da1e5ca4a041afafdc97fa640a9c2765cf22d973a

Download Submit
\Users\Admin\AppData\Local\Temp\nso7A80.tmp\System.dll

Filesize
17KB

MD5
15e005dfbd1b5040b857ae847114465d

SHA1
b4ed7d43ae94ef71fdb8515317c604faf9a9af27

SHA256
d9069d550a357e0426e319283cab8efce891d2c87e106fc0e93b95a990aa5e45

SHA512
49e8fdacf820f166f709cd615cad09d114c021f7890e7fc91380d2f13f7dc3b9c2c30bd5b4ff276b76a9c51da1e5ca4a041afafdc97fa640a9c2765cf22d973a

Download Submit
memory/836-137-0x0000000003BB0000-0x0000000003BD9000-memory.dmp

Filesize
164KB

Download
memory/836-54-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download
memory/836-136-0x0000000003BB0000-0x0000000003BD9000-memory.dmp

Filesize
164KB

Download
memory/836-64-0x0000000003AD0000-0x0000000003B4D000-memory.dmp

Filesize
500KB

Download
memory/836-58-0x00000000003D0000-0x00000000003EA000-memory.dmp

Filesize
104KB

Download
memory/1920-92-0x0000000000450000-0x000000000045E000-memory.dmp

Filesize
56KB

Download
memory/1920-88-0x0000000000410000-0x000000000043A000-memory.dmp

Filesize
168KB

Download
memory/1920-105-0x0000000000770000-0x00000000007E8000-memory.dmp

Filesize
480KB

Download
memory/1920-84-0x00000000003A0000-0x00000000003E4000-memory.dmp

Filesize
272KB

Download
memory/1920-101-0x0000000000490000-0x00000000004D4000-memory.dmp

Filesize
272KB

Download
memory/1920-115-0x0000000002A90000-0x0000000002B5A000-memory.dmp

Filesize
808KB

Download
memory/1920-112-0x0000000000560000-0x000000000056C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads