d50a2c2bfcdf4cf8a908cd9b6d091afdea152be6e2b0770173d9fb4380acabb4

Analysis

max time kernel
163s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Size

21.2MB
MD5

32cce6545af187d0efe96c7e40c71c8d
SHA1

76f8360e00280e434af26c1aa890f2003f4bd0dd
SHA256

d50a2c2bfcdf4cf8a908cd9b6d091afdea152be6e2b0770173d9fb4380acabb4
SHA512

cb1ce69252e274432b90e360c90519eb59591625bc7174ee1c9410ef12258498328d5dda926b689b8daa679c09a8d9230670c97ce05d2ffbd5b83cbcdaecfb96
SSDEEP

393216:eoXHqXZ6bGw6u6xJHcjOY9lWjQum1UEKFOl7NfpqVrVSvxvbJ4jRh4jx69W:hHqDwIboTXwvEUEKi7NBSx6hF4NL9W

Score

9^/10

bootkit discovery execution persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (78) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\BdSandbox.sys	BHipsSvc.exe
File created	C:\Windows\System32\drivers\bndef64.sys	BHipsSvc.exe
File created	C:\Windows\System32\drivers\BdSandbox.sys	BHipsSvc.exe
File opened for modification	C:\Windows\System32\drivers\bnbasex64.sys	BHipsSvc.exe
File created	C:\Windows\System32\drivers\Bprotect.sys	BHipsSvc.exe
File created	C:\Windows\System32\drivers\bnbasex64.sys	BHipsSvc.exe
File opened for modification	C:\Windows\System32\drivers\Bfmon.sys	BHipsSvc.exe
File opened for modification	C:\Windows\System32\drivers\Bprotect.sys	BHipsSvc.exe
File opened for modification	C:\Windows\System32\drivers\bndef64.sys	BHipsSvc.exe
File created	C:\Windows\System32\drivers\Bfilter.sys	BHipsSvc.exe
File opened for modification	C:\Windows\System32\drivers\Bfilter.sys	BHipsSvc.exe
File created	C:\Windows\System32\drivers\Bfmon.sys	BHipsSvc.exe

Sets service image path in registry 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Bnbase\ImagePath = "System32\\drivers\\bnbasex64.sys"	BHipsSvc.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil\ImagePath = "\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"	BHipsSvc.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect\ImagePath = "\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"	BHipsSvc.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavR3base\ImagePath = "\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavR3base64.sys"	bavhm.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe

Executes dropped EXE 10 IoCs

pid	Process
4088	BavSvc.exe
4692	BHipsSvc.exe
5476	CheckNetwork.exe
5808	bavupdater.exe
5988	bavhm.exe
5820	BavTray.exe
5512	BavCheckOpponent.exe
3876	CheckNetwork.exe
116	ReportCommRetry.exe
2068	BavUpdater.exe

Loads dropped DLL 64 IoCs

pid	Process
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
4088	BavSvc.exe
4088	BavSvc.exe
2040	regsvr32.exe
4088	BavSvc.exe
4088	BavSvc.exe
2588	regsvr32.exe
4088	BavSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4088	BavSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4692	BHipsSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4692	BHipsSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
5476	CheckNetwork.exe
5476	CheckNetwork.exe
5476	CheckNetwork.exe
4088	BavSvc.exe
4088	BavSvc.exe
5820	BavTray.exe
5808	bavupdater.exe
5808	bavupdater.exe
5808	bavupdater.exe
5808	bavupdater.exe
4692	BHipsSvc.exe
5820	BavTray.exe
5820	BavTray.exe

Modifies system executable filetype association 2 TTPs 2 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan\ = "{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"	regsvr32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32\ = "C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavShx64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32\ = "C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavShx64.dll"	regsvr32.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DarkDumpReport = "C:\\ProgramData"	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Baidu Antivirus = "\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Baidu Antivirus = "\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"	BavSvc.exe

Checks for any installed AV software in registry 1 TTPs 38 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BAVSvc	CScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BAVSvc	BavUpdater.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	BavSvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BAVSvc	CheckNetwork.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	BavSvc.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Eset\Nod\CurrentVersion\Info	BavSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\ImagePath	CheckNetwork.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Doctor Web\InstalledComponents	BavSvc.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir Workstation	BavSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\ImagePath	CScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BavSvc	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BavSvc	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BAVSvc	BavSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\ImagePath	BavSvc.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir PersonalEdition Classic	BavSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\ImagePath	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BAVSvc	BHipsSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\ImagePath	BavTray.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\ImagePath	bavupdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\ImagePath	ReportCommRetry.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir PersonalEdition Premium	BavSvc.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira	BavSvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BAVSvc	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BAVSvc	ReportCommRetry.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BAVSvc	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc	BavSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\Alias	BavSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\ImagePath	BHipsSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\ImagePath	BavUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BAVSvc	BavTray.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BAVSvc	CheckNetwork.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Premium Security Suite	BavSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\ImagePath	cscript.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\Description = "Baidu Antivirus Service"	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BavSvc\ImagePath	CheckNetwork.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BAVSvc	bavupdater.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir Desktop	BavSvc.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 25 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	BavSvc.exe
File opened (read-only)	\??\P:	BavSvc.exe
File opened (read-only)	\??\Z:	BavSvc.exe
File opened (read-only)	\??\A:	BavSvc.exe
File opened (read-only)	\??\H:	BavSvc.exe
File opened (read-only)	\??\X:	BavSvc.exe
File opened (read-only)	\??\F:	BavSvc.exe
File opened (read-only)	\??\N:	BavSvc.exe
File opened (read-only)	\??\V:	BavSvc.exe
File opened (read-only)	\??\B:	BavSvc.exe
File opened (read-only)	\??\K:	BavSvc.exe
File opened (read-only)	\??\L:	BavSvc.exe
File opened (read-only)	\??\W:	BavSvc.exe
File opened (read-only)	\??\Y:	BavSvc.exe
File opened (read-only)	\??\E:	BavSvc.exe
File opened (read-only)	\??\J:	BavSvc.exe
File opened (read-only)	\??\S:	BavSvc.exe
File opened (read-only)	\??\M:	BavSvc.exe
File opened (read-only)	\??\U:	BavSvc.exe
File opened (read-only)	\??\R:	BavSvc.exe
File opened (read-only)	\??\T:	BavSvc.exe
File opened (read-only)	\??\F:	BHipsSvc.exe
File opened (read-only)	\??\G:	BavSvc.exe
File opened (read-only)	\??\I:	BavSvc.exe
File opened (read-only)	\??\Q:	BavSvc.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
File opened for modification	\??\PhysicalDrive0	BavSvc.exe
File opened for modification	\??\PhysicalDrive0	bavupdater.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini	BavSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Dump\BugReportConfig.ini	BavSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data\EngineRpt.cfg	BavSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\update_ultimate.ini	bavupdater.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\numlog\1715420623_BavTray_4076_numr.dat	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\dump\bugreportconfig.ini	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\E839B20B-DE0B-461d-A3CD-769DFA88F488\detail.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\8A73A249-C3BE-401A-8335-A832080931D3\detail.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\AutoInst.ini	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\5DB281C3-B655-656A-01B6-E302199E376A\AutoInst.ini	BavTray.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\update_statistic.xml	bavupdater.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data\sb.dat	bavupdater.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\update_ultimate.ini	bavupdater.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BsrScan\log\BsrScript.log	BavSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Data\up.dat-journal	BavSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Data\hr.dat	BavSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Data\ac.dat	BavSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavUpdater.log	BavUpdater.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\6BA17A92-4345-49c0-A228-A57C2E779055\detail.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\DEF8DB04-2D26-469A-8D59-5D813E89773D\detail.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Dump\BugReportConfig.ini	ReportCommRetry.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Dump\BugReportConfig.ini	BavCheckOpponent.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Dump\BugReportConfig.ini	bavhm.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Dump\BugReportConfig.ini	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini	BavTray.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\5DB281C3-B655-656A-01B6-E302199E376A\detail.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\strlog\av171540300320168strr.dat	BavSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavSvc.log	BavSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\BavToolsInfo.xml	BavTray.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\detail.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Data\rr.dat	BavSvc.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\dynamicskin\list.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BETMData\History.dat	BHipsSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\ReportCommRetry.log	ReportCommRetry.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\BavToolsInfo.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Data\vr.dat-journal	BavSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavUpdater.log	bavupdater.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\aplg.dat	BHipsSvc.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\3811A2B3-20AF-486d-81FA-8774762CC135\detail.xml	BavTray.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\09F68E66-0B2F-47f7-83AF-77569A4A63C1\detail.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\detail.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data\sw.dat	bavupdater.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Dump\BugReportConfig.ini	BHipsSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Data\hr.dat-journal	BavSvc.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\6BA17A92-4345-49c0-A228-A57C2E779055\detail.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\3811A2B3-20AF-486d-81FA-8774762CC135\detail.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\7B49036D-8FC2-4AA8-89A5-0B8B0519E8EE\detail.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\8A73A249-C3BE-401A-8335-A832080931D3\AutoInst.ini	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\update_statistic.xml	bavupdater.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\update_ultimate.ini	BavUpdater.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\7B49036D-8FC2-4AA8-89A5-0B8B0519E8EE\detail.xml	BavTray.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log	BHipsSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data\sw.dat	BavSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini	bavupdater.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\5DB281C3-B655-656A-01B6-E302199E376A\detail.xml	BavTray.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\numlog\1715424731_BavTray_5544_numr.dat	BavTray.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data\hsc.dat	BHipsSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Dump\BugReportConfig.ini	regsvr32.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Dump\BugReportConfig.ini	bavupdater.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Data\up.dat	BavSvc.exe
File opened for modification	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Data\tr.dat	BavSvc.exe
File created	C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\numlog\1715414293_BavTray_5936_numr.dat	BavTray.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BavSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BavSvc.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	bavupdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	bavupdater.exe

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
4120	schtasks.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	BHipsSvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	BavSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	BHipsSvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Baidu Security\Antivirus\web\AdBlockCountLastDay = "0"	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows Script Host	CScript.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\cscript.exe	CScript.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	BavSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	BHipsSvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	CheckNetwork.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	CheckNetwork.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	BHipsSvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	CheckNetwork.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	CScript.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	BavSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	BHipsSvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows Script\Settings\Telemetry\cscript.exe\JScriptSetScriptStateStarted = "240758656"	CScript.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	CScript.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	BavSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Baidu Security\Antivirus\web	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	CheckNetwork.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Baidu Security\Antivirus	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	BavSvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	CheckNetwork.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	CScript.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	CheckNetwork.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows Script Host\Settings	CScript.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Baidu Security	BHipsSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	BHipsSvc.exe

Modifies registry class 36 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan\ = "{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Baidu_Scan	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bav\DefaultIcon	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bav\shell\open	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BLPFILE\shell	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\ = "baidu right click handler"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32\ = "C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavShx64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bav\shell\open\command\ = "\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\" UI_Start_From_IE"	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon\ = "C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\bavadvtools\\3811A2B3-20AF-486d-81FA-8774762CC135\\tool\\Translator.exe,-201"	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BLPFILE\shell\open	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command\ = "\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\bavadvtools\\3811A2B3-20AF-486d-81FA-8774762CC135\\tool\\Translator.exe\" \"%1\""	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bav\shell	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Baidu_Scan\ = "{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32\ = "C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavShx64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.blp	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bav\URL Protocol = "sss"	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\ = "icon overlay lock"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BLPFILE	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bav\ = "URL:bav"	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bav\shell\open\command	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan\ = "{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.blp\ = "BLPFILE"	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bav	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bav\DefaultIcon\ = "\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\""	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan\ = "{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32	regsvr32.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	BHipsSvc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	BHipsSvc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	BHipsSvc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4088	BavSvc.exe
4088	BavSvc.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
4088	BavSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
5808	bavupdater.exe
5808	bavupdater.exe
5808	bavupdater.exe
5808	bavupdater.exe
5808	bavupdater.exe
5808	bavupdater.exe
5808	bavupdater.exe
5808	bavupdater.exe
5808	bavupdater.exe
5808	bavupdater.exe
5820	BavTray.exe
5820	BavTray.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4088	BavSvc.exe
4088	BavSvc.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
4088	BavSvc.exe
4088	BavSvc.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
4692	BHipsSvc.exe
5808	bavupdater.exe
5808	bavupdater.exe
5808	bavupdater.exe
5808	bavupdater.exe

Suspicious behavior: LoadsDriver 31 IoCs

pid	Process
4692	BHipsSvc.exe
4692	BHipsSvc.exe
5988	bavhm.exe
5988	bavhm.exe
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
4692	BHipsSvc.exe
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
4692	BHipsSvc.exe
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
4692	BHipsSvc.exe
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
4692	BHipsSvc.exe
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	4088	BavSvc.exe
Token: SeRestorePrivilege	4088	BavSvc.exe
Token: SeTakeOwnershipPrivilege	4088	BavSvc.exe
Token: SeAssignPrimaryTokenPrivilege	4088	BavSvc.exe
Token: SeIncreaseQuotaPrivilege	4088	BavSvc.exe
Token: SeSecurityPrivilege	4088	BavSvc.exe
Token: SeTakeOwnershipPrivilege	4088	BavSvc.exe
Token: SeLoadDriverPrivilege	4088	BavSvc.exe
Token: SeSystemtimePrivilege	4088	BavSvc.exe
Token: SeRestorePrivilege	4088	BavSvc.exe
Token: SeShutdownPrivilege	4088	BavSvc.exe
Token: SeSystemEnvironmentPrivilege	4088	BavSvc.exe
Token: SeUndockPrivilege	4088	BavSvc.exe
Token: SeManageVolumePrivilege	4088	BavSvc.exe
Token: SeLoadDriverPrivilege	4692	BHipsSvc.exe
Token: SeLoadDriverPrivilege	4692	BHipsSvc.exe
Token: SeAssignPrimaryTokenPrivilege	5988	bavhm.exe
Token: SeIncreaseQuotaPrivilege	5988	bavhm.exe
Token: SeSecurityPrivilege	5988	bavhm.exe
Token: SeTakeOwnershipPrivilege	5988	bavhm.exe
Token: SeLoadDriverPrivilege	5988	bavhm.exe
Token: SeSystemtimePrivilege	5988	bavhm.exe
Token: SeRestorePrivilege	5988	bavhm.exe
Token: SeShutdownPrivilege	5988	bavhm.exe
Token: SeSystemEnvironmentPrivilege	5988	bavhm.exe
Token: SeUndockPrivilege	5988	bavhm.exe
Token: SeManageVolumePrivilege	5988	bavhm.exe
Token: SeTakeOwnershipPrivilege	5476	CheckNetwork.exe
Token: SeRestorePrivilege	5476	CheckNetwork.exe
Token: SeTakeOwnershipPrivilege	5808	bavupdater.exe
Token: SeRestorePrivilege	5808	bavupdater.exe
Token: SeTakeOwnershipPrivilege	5820	BavTray.exe
Token: SeRestorePrivilege	5820	BavTray.exe
Token: SeTcbPrivilege	4088	BavSvc.exe
Token: SeTcbPrivilege	5808	bavupdater.exe
Token: SeDebugPrivilege	4088	BavSvc.exe
Token: SeShutdownPrivilege	4088	BavSvc.exe
Token: SeTcbPrivilege	4088	BavSvc.exe
Token: SeTakeOwnershipPrivilege	4088	BavSvc.exe
Token: SeLoadDriverPrivilege	4088	BavSvc.exe
Token: SeBackupPrivilege	4088	BavSvc.exe
Token: SeRestorePrivilege	4088	BavSvc.exe
Token: SeSecurityPrivilege	4088	BavSvc.exe
Token: SeTcbPrivilege	4088	BavSvc.exe
Token: SeTcbPrivilege	4088	BavSvc.exe
Token: SeTcbPrivilege	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
Token: 34	5808	bavupdater.exe
Token: 34	5808	bavupdater.exe
Token: 33	4692	BHipsSvc.exe
Token: SeIncBasePriorityPrivilege	4692	BHipsSvc.exe
Token: SeTakeOwnershipPrivilege	3876	CheckNetwork.exe
Token: SeRestorePrivilege	3876	CheckNetwork.exe
Token: 34	4088	BavSvc.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
5820	BavTray.exe
5820	BavTray.exe
5820	BavTray.exe
5820	BavTray.exe
5820	BavTray.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
5820	BavTray.exe
5820	BavTray.exe
5820	BavTray.exe
5820	BavTray.exe
5820	BavTray.exe

Suspicious use of WriteProcessMemory 37 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 2204	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	101
PID 904 wrote to memory of 2204	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	101
PID 904 wrote to memory of 2204	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	101
PID 904 wrote to memory of 5192	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	103
PID 904 wrote to memory of 5192	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	103
PID 904 wrote to memory of 5192	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	103
PID 904 wrote to memory of 4120	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	104
PID 904 wrote to memory of 4120	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	104
PID 904 wrote to memory of 4120	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	104
PID 904 wrote to memory of 2040	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	107
PID 904 wrote to memory of 2040	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	107
PID 904 wrote to memory of 2040	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	107
PID 2040 wrote to memory of 2588	2040	regsvr32.exe	109
PID 2040 wrote to memory of 2588	2040	regsvr32.exe	109
PID 4088 wrote to memory of 5476	4088	BavSvc.exe	111
PID 4088 wrote to memory of 5476	4088	BavSvc.exe	111
PID 4088 wrote to memory of 5476	4088	BavSvc.exe	111
PID 904 wrote to memory of 5808	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	112
PID 904 wrote to memory of 5808	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	112
PID 904 wrote to memory of 5808	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	112
PID 4088 wrote to memory of 5988	4088	BavSvc.exe	113
PID 4088 wrote to memory of 5988	4088	BavSvc.exe	113
PID 904 wrote to memory of 5512	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	118
PID 904 wrote to memory of 5512	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	118
PID 904 wrote to memory of 5512	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	118
PID 5820 wrote to memory of 3876	5820	BavTray.exe	120
PID 5820 wrote to memory of 3876	5820	BavTray.exe	120
PID 5820 wrote to memory of 3876	5820	BavTray.exe	120
PID 5820 wrote to memory of 116	5820	BavTray.exe	122
PID 5820 wrote to memory of 116	5820	BavTray.exe	122
PID 5820 wrote to memory of 116	5820	BavTray.exe	122
PID 904 wrote to memory of 5500	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	123
PID 904 wrote to memory of 5500	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	123
PID 904 wrote to memory of 5500	904	32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe	123
PID 4088 wrote to memory of 2068	4088	BavSvc.exe	129
PID 4088 wrote to memory of 2068	4088	BavSvc.exe	129
PID 4088 wrote to memory of 2068	4088	BavSvc.exe	129

C:\Users\Admin\AppData\Local\Temp\32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\system32\schtasks.exe" /Delete /TN "Baidu Antivirus Delay Reinstall" /F
  2⤵
  PID:2204
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\system32\schtasks.exe" /Delete /TN "Baidu Antivirus Update" /F
  2⤵
  PID:5192
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\system32\schtasks.exe" /CREATE /RU SYSTEM /TN "Baidu Antivirus Update" /SC DAILY /ST 18:00:00 /TR "\"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUpdater.exe\" -tasksch"
  2⤵
  - Creates scheduled task(s)
  PID:4120
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Windows\system32\regsvr32.exe
    /s "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll"
    3⤵
    - Loads dropped DLL
    - Modifies system executable filetype association
    - Registers COM server for autorun
    - Drops file in Program Files directory
    - Modifies registry class
    PID:2588
- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavupdater.exe
  "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavupdater.exe" -no_ui
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5808
- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
  "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" Tray_Start_From_Install_MiniAutoNew
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:5820
- - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\CheckNetwork.exe
    "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\CheckNetwork.exe" updatalist
    3⤵
    - Executes dropped EXE
    - Checks for any installed AV software in registry
    - Suspicious use of AdjustPrivilegeToken
    PID:3876
- - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\ReportCommRetry.exe
    "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\ReportCommRetry.exe"
    3⤵
    - Executes dropped EXE
    - Checks for any installed AV software in registry
    - Drops file in Program Files directory
    PID:116
- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavCheckOpponent.exe
  "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavCheckOpponent.exe "1
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:5512
- C:\Windows\SysWOW64\cscript.exe
  cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
  2⤵
  - Checks for any installed AV software in registry
  PID:5500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1324 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:5344

C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\CheckNetwork.exe
  "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\CheckNetwork.exe" updatalist
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Modifies data under HKEY_USERS
  - Suspicious use of AdjustPrivilegeToken
  PID:5476
- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe
  "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe"
  2⤵
  - Sets service image path in registry
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: LoadsDriver
  - Suspicious use of AdjustPrivilegeToken
  PID:5988
- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUpdater.exe
  "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUpdater.exe" -tools_update_query
  2⤵
  - Executes dropped EXE
  - Checks for any installed AV software in registry
  - Drops file in Program Files directory
  PID:2068

C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe"
1⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:4692

C:\Windows\system32\CScript.exe
C:\Windows\system32\CScript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
1⤵
- Checks for any installed AV software in registry
- Modifies data under HKEY_USERS
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BDrvComm.dll

Filesize
296KB

MD5
f4f8271c7bfe2f3593d6fdfaa7a22714

SHA1
37b093e62b92d9c2e6fc8a4a023246edf78abae8

SHA256
76a3528a1791d923fc1043d39c98dbeb201e7d094a0b5ad97c4aa816bc7d4441

SHA512
e4b0b2d3faca433675002e9ff360aebe5c50ed69271aa482bc03cac54c4efbea5783f6fe4f20e11c7ec0dfef0ff5c6510e9744b93a9f4e793c9b31df926ac46b

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHFramework.dll

Filesize
536KB

MD5
eddc461980fa8b62f85e1a8210fb1b28

SHA1
2d2ac4d1c10d40a40f685c9e8bbf2ae4952240e3

SHA256
fb5ca9691179583930902cb03120d3645e6174856dc0961fa2975fc4c4124419

SHA512
c184385fcde2da555b014b5219ad585cf2063551a497d9f3311eb6e15fdf0dabaa7fac246e7b2dc8a175f30103c4d27a5dc2bb7bb89b6f964dfe8561014147c4

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsConfig.ini

Filesize
538B

MD5
0859b1f3f34afc50b7f301303bc3ebba

SHA1
77700209e13d79dc888f01dd7f0bae85d3ff9adc

SHA256
deffe4c6348d05116903cc0575ed35997a6cde4b9303bdf00f0b81eb9778b9a7

SHA512
ee49f0f9dbca67998212b218a78bb570dbe92f14aabf2d09ae36dbddf55144cc731aa46b5a022f48e4d5b4938f3d3d849a36017c6abd3edb4e1167504522246b

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe

Filesize
418KB

MD5
e6dc2c5a965e9dc4e6694e9ae5681f06

SHA1
d1b98f14384c7a0f1500eb790962bd38057ea897

SHA256
b8d80ce9af4c8ad22fb3714ad80506c617c244fcbc1126a008998cdf7bea7069

SHA512
543090cf0b558482b965af25b79c2b2610bf9b90cc7516ef9d2d3f31be7ebf0d505fd740712e3c7c4d60919e1444948f66773e4b8807ed167ad972a81f91251a

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe

Filesize
1.5MB

MD5
b9f020d7bc6a2cda4c539a8871eaa8d3

SHA1
b96e9b569693682554779830b67cb643b612a8d8

SHA256
95c4620c7d2685f5b0b9116e4de8c5d4121318a029937ad9546a5a4e20c09ec3

SHA512
7f69cd53423ee8e6cf7aba75197ebfaf1e9e02a616e26f1d1b72ee6af6ad113228bd33d2b0c04f99d102fdd6ded59c455f3f2f4d640eb1995b5508595a296b38

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavBh.dll

Filesize
300KB

MD5
e353bf6dc53f74b8d0625a6378e1dbd5

SHA1
0fc8276623d1f4f12125675679d88b7eccd46c46

SHA256
74612ba57781bee237be103aa1ca1ed79b6b76d9625440498cc84a77a283b8e6

SHA512
5855fc398c72721c35dc3502e265b944850f38239c1609dbf1cc061b132a033614127bfa6e48756bcb878e049b94da1d8569527a460ed8fe743ea22b573407c2

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavClean.dll

Filesize
142KB

MD5
b3ce61a547d4a5cff44df7985da3b935

SHA1
61f9e41b7aeaed8784afec5a3007e63237def469

SHA256
cbdd255f2d74a79688627c9c074e50dc470ec37e7a6de6eb7e0f74b200807e71

SHA512
e83e3664c37c12f66f17c1f85e295e6d99cf23684a8e4f3e79ff3dea4a910d013d52b690d26bf49af10f0c6be1cd62eec6c6976c4fe298ad9d9bcda5784f691b

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavCns.dll

Filesize
480KB

MD5
66e4d9d84dada62dadc23efe379c6e15

SHA1
0ce259c48207fe0dfebc972381703c6d788b11a7

SHA256
e60d4569e096195b686178b517c4df31af9b8b1a026f9cbab58a7cec55b3e35b

SHA512
e75efa2ae1e7beee02a7636080568075cb5b043b3ac740a28aa0fb86f3fefe0e4ad9c6a1f99cd62f6db00b6d9ba4b2fc8bcac891473b8448086d9285a184aca6

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavCommon.dll

Filesize
382KB

MD5
dc32a6b131a654ac845e9c7ea4b0e78d

SHA1
0ae357d1ad0eb6bb52ac5e5777e47f23ac1b20f8

SHA256
e9748a315d45abdc83d8577252168c69ae9ae3319f7157b2f8653b35baeb50aa

SHA512
38db809c0b22c18fe7e36c7378e193bbf2ee828e8bddebce21263fa0853525d35d6a418d1916405009e5f9f67002b7e2e4be6be1ff2e7cc46a5681d6471fb141

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavDllFilter.dll

Filesize
323KB

MD5
466ed89b51b5d9387c22e1b55833b257

SHA1
fe8b3d1a666f0051eea3ee6d8525d639af0bdc50

SHA256
7dac6f4987a69af3a151921bdf812bbef089ebd29cd0406fae4e18357125a303

SHA512
ad5ba1a452cde0b078e9da9aa01953c7758c00a452f43c862624df8b6e67c8f87d413b77d1f1e044c81ab322587416b14361d0aa588d2744220d01e9342ce1c9

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavFi.dll

Filesize
76KB

MD5
af4935631a24b18ee49891478f719082

SHA1
eaa3dd4fbb1715ece3d39c79db80b556892f2914

SHA256
43a9c578e91a6e7c0b7a4cc66544fdf21b21e1569cba497ac0ef68d0bd127240

SHA512
f527a7a4e1afb2750f3f571084abf8edeeff0fec4c28f4471648427fa987f8267b22ac8de0efaffb2919e2d41cd09610c06b69c38a06e0231bf98a3861b3c882

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavPe.dll

Filesize
82KB

MD5
eda07bc67c24414e936952d783c48afb

SHA1
39b8d101e20e1e8d79b90701f00c6467a7aeefb1

SHA256
e4bd63f8b1956e632c496360544198045868172741377a2f4d4e1f993ac32f15

SHA512
561ae41441810128a96afc78d2690d2a92f289cf39ea919af0decc7f3e660aca1a0dafce2868fc022c1ea1ee42d0e00896adacf0a14fb7a066c7cfdbaf639564

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavQv.dll

Filesize
150KB

MD5
cdbd9a2e03a68204eec9e4ae462c9571

SHA1
21dc6e2533f41c8d2660649bf1d7b39d7d930315

SHA256
138c7a455dbd673daafe25b74fdc85ed8fa907261fb90916d5af67ce740b2da7

SHA512
73d111b9938f1f17a545262a838dccc8cd6506f00e6afdcd6effae0d5941043a2682ec5fa0ee25889511ca09bf4e512469d3053d0ee78123ad77f268e65904d7

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll

Filesize
300KB

MD5
e7ccc467dc703a1656fe622501d1e38b

SHA1
69f4597d3c70d02e32b63b013db16ed9a8a1eb5b

SHA256
9c283099ca379054bacbaacc47a774c6a216e5e8266588ee8c6733129a61994e

SHA512
321e4afc8136ccfdbc450bd6225e1f1abbb490cc113ddbf54001ff5a3bef357b25c4a40717462e2fee0b67181507c9c7231eee6cc8e2df8f4dfd67729052c887

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe

Filesize
2.2MB

MD5
75bcc2644d08ca4eed4572d895b86bba

SHA1
47292108e758d719cc5f7427809b698195ef2889

SHA256
1608d15e76436d13eecbfee1d1ee8b2565a0d0a76c7b49b4b3eb9d01af389ae1

SHA512
74d57609be9188c3fd15efa61c86d06977a06edd966c225033a71d74090266b4b001e89f67159b34267ab72d78aa5c556956a26beea548e2817731eafce9f3f8

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUl.dll

Filesize
1.5MB

MD5
a67b8903b5e7dc953467d57109612db1

SHA1
cf97ccdd0e334d1fc547a4f45dc9711eceb59220

SHA256
d92b6a7acb5ac43b481874ff28459768e7ffef46d28f013f071e3278515e64ea

SHA512
ef3486792ae70d1710a33b655baea84ac3187fb899cb46fe3659a3de40a5367ef45230ddda86a6fe6ff6d17ed413163bd9955cd73325029ec2b33475a6b91d28

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUpdater.exe

Filesize
3.0MB

MD5
52ca63fd7b511d5db10967bf57b8c248

SHA1
b5bb6ab66953599f8b8a29f502ca3536e5cacaf3

SHA256
39cf26427c4574660baf8782c233f97380f1fef1fdc283789d80220c4053a5d1

SHA512
97372ed51c68c95504f6922ed0a3300ccb8ba5d578e551a8e922109f612d556da941d7af9636422c90623ae4789dd4e373d467388c26e9073b0b138b47bd23d2

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bdark.sys

Filesize
79KB

MD5
ccf804a13da00309a22360d4847eadc9

SHA1
b4171b54a2ff000737d31b85f1af635715f9dcd7

SHA256
32c0830f0e2394e2072d31d9192537cb9f49b4017def5b6f2eabdf59adad69d9

SHA512
b5129531ed7ea878fd77c65368351dd9df3ac2cf2c5473a066073938e956fb530cf7e29b0fc93ee477ede5ca900c0ea5994abb386972c6ab8e870a55514705bc

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bdark64.sys

Filesize
75KB

MD5
d49a098f0f46542ff68769b485d8af8e

SHA1
ccef5329d5eecfd536bca955c2210f751e04cdb4

SHA256
c7c148d26d72a311745d82f653a2a3f339e7dc0fd22733c9408edc315566f418

SHA512
04d2b7f5aa3b6b0e16e5092d74f93d9b10f63b2b3cd1c36dbd529a5243619bb99b2dfc389bbaeb058dde83bb7e7581cc20ba64d8c8a0288dc0d03a8b6b72f934

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Communication.dll

Filesize
247KB

MD5
5bb529b7712ed318c699032658c6ede0

SHA1
4bd4a54169881fed363bb93b5b8bacfc99679109

SHA256
b976c1987651b80ef2267f0ae5fe68c8fdd000f1f5a925acf4ef947bd01c4a15

SHA512
d2814ea32b1468aa3665f721caee9c9826321e23c415b12218dcbbaa5da79aa5c9192c79e200913cc71edd49b4d1e6a0b0fd32e05ef4aee8e85ffb96779a9cca

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\CrashReport.exe

Filesize
716KB

MD5
224e6539e81ec01973dba15c7c5cb2eb

SHA1
60e7c5971891a5e21deea63b0c842f70e7748db2

SHA256
e1659d0d6e4bc79529163dd0ae3c56cc21e64e0c99ef6cdee802d276f0fd4282

SHA512
0e2699e6f950c2d01fc438324f3002d466b7146f51936b721c555d22fc4cc4776ba71925e08bcd2898d862cb1c91232fa8d1522287c9e153b8985a69f483221d

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\CrashUL.exe

Filesize
304KB

MD5
353982cc4cb32849f7f8625c21c40e68

SHA1
84e56b109e4eb126ff846403e61008000719178b

SHA256
f364966c7c90797e886bd80de13437fa0c8213cdcacf9a9cc3c7b48f8ec0cde3

SHA512
156a5f71a0e52fa1ecaafec0fabf4a519835cf7a0d87f678ff3e862c99f957eaa08d366149736b59ed33daafc745dfb192e97f90cf300f08fe68794a1770e3db

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DirectUI.dll

Filesize
2.1MB

MD5
6e44a62bc8511591664e7c4e04b973a9

SHA1
33b6c29a22b7dbfddf90598f39b50d6831f908a0

SHA256
b7db1e3fecbf6a0b8e93628ee9407a933cc3f4000c3d1a1345b7001ded1beeb5

SHA512
197eaabfaba016b30ee94f2399da70d50cead44ba0cbb140bc272a19a02b859433d8c37b147fea8460744b5f106e5083a5aa6b2b8d69dc53f9515cde7b92e12f

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DrvInst.dll

Filesize
129KB

MD5
a6785e45ade3ed0ab718676a52ed6093

SHA1
c3e9d8dcd1490973a9d9a9a0dc597d1bc11c7a20

SHA256
380cc27e7df35694e4e384f996d27250c2521f510de8a6d6d64f04d42dcae42f

SHA512
69f45c0e5523c3bfe1745d97e9aaed26c5f12b3f6010699e7441096b18a2dca6408cb6224ec1e1f674025ee48de55420212579fd51b21d9d6a8d4303f3bfcc37

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Dump\BugReportConfig.ini

Filesize
171B

MD5
2a8880c42c0419d8de508d1c3165ba63

SHA1
e896860b559dde8f3d4554d2c8af66364b2cd4a7

SHA256
d6e1480218618e88cf0ed630c76cc27ce6267e945e5769a4e375205c7c46dd5c

SHA512
13f4e09d6a636718771230a49eb79b4ee1254ae6a27829f35b6f176a7844e4996aef4c79a6dfa42f32f95752fcf292d0253b95ab2771a686302321ceb459f924

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HipsDR.dll

Filesize
409KB

MD5
a9cd3815625d85cc0899dff8f524f505

SHA1
f3135a55632ef697f0339ab68ca93ff2f3cf5a90

SHA256
c475bb1cf52589924ca8a0e1b028acfe9f01caf951430755fef2442b86930575

SHA512
d80b2ab1c5f77dc455d4abc8482ab1eaf159ba7721f7f0332325ac77e5f8eaf87fb803e95cfd56305ae439657467ceac555c3cd2aca955acd474a9d14d056afb

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HipsLogger.dll

Filesize
46KB

MD5
096acbb1974981d0a8038bdb4c666460

SHA1
e55aa742c899a1eaa6e210bcc1957ef15e9153de

SHA256
221fe86baec22695f0a8b8d82a9e82d2c07fd3f7f1bc882596df17c13c891a30

SHA512
7ee77e29c8a2d56258c34dbb2480348c06eaf4aaa485bceac9b7be41fb1aba01efa6d58eb1761707fd8a1c9e4b961ac9e3a624cf8d06a0e0c2cc79ba4c085ee7

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\ReportComm.dll

Filesize
402KB

MD5
6328da85f3f33991b21e201c99c4c099

SHA1
62f0b10416b2f4575d83cb545b1668f587522c0a

SHA256
8e00be876ac9a1a62de86528489f7c1de95f3e6aaeab2372931cf31067c73c9b

SHA512
5297090776df1999094b137d0f528e7deadfb6fb9ee924d4f396f528e89b0c80a9fcc59eba28470e39cc10d31f0dea0a425b92b1b8a7822bab78739c728fbc42

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools\09F68E66-0B2F-47f7-83AF-77569A4A63C1\detail.xml

Filesize
1KB

MD5
7ba1acce824310d20e8232b662281ccc

SHA1
466cb4f42d222db8c9adbf0c84d7edf575432de7

SHA256
d32e92c4df97e00a94d93a80eaa9e3a69e08f35e522fee28c227da0610294c00

SHA512
19ad642fbb7faa3dfe328e0220e11126b6b05a0335db946d4705c3d3dbd53f732b38095d932667d05c62fb931d80519462a083bb431ab55073962d2dadc39e53

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\detail.xml

Filesize
2KB

MD5
f504a8afe9342420da28ca08607b7aa4

SHA1
9ff71ef9b2b72a3a6d183e58d84e9e1a65945b70

SHA256
1cce07e9b3f0abe8917b428389985771cca50a63558457aaae84b60302236f1c

SHA512
c200efee0685bacac6f6ad62e7b1eb3b636d5923614cfe8b8fbaa5b84f1174b9786ecade335640d369ae4a69702c79be1bda49c8517bff4724c9ccdc6e90da31

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\gray_icon.png

Filesize
1KB

MD5
b0eac47e32ae6fec0cb96fa51ac6ecba

SHA1
d4768682fff48a6a2c49dad7c4a693beeae4e445

SHA256
65afcc40bf3d1e4ce4017957b690657c0c7c5b4718b2f101cfc9a973b9512f85

SHA512
2895f7bc56479ffe2e65f8961f81d042f3252a8f63a5304f1e75b17a06e5b3d5e1d60a4b35ece9da53dccbf25b5121d51730c5f19ce7dba075ee3e4f4a8bb811

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\icon.png

Filesize
1KB

MD5
335e560d17c2b13113837b8908310060

SHA1
da0a97b1565c4823ee8eb0a156b32a21d8e4528c

SHA256
f3e0e0c9d87b4e6bc84f6272e75e76970f8036cac7bbc035adb513100ff27d5d

SHA512
b340ee8c703775b393cfb8327e533590110c093ce6a6f5680af70f85f7978d84f0375b51465a2cc9fad4ee10938250e69f21aa87959726729b8b5a48a3469354

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools\3811A2B3-20AF-486d-81FA-8774762CC135\detail.xml

Filesize
1KB

MD5
dab6649b62c220c76fd65463e3cf4936

SHA1
fb5fac2a8f46911e17020a2f309cb1452939ad64

SHA256
9273ec23e29805fbda3ea9fc673229d83ca01d16eb614cffc99a464fbc0db672

SHA512
10221f678c86c8c8fc4d7c4f6403a1c3049facf6a1e9e14ad78e37f0b73551ea0ec258000d45d8263dd63b595411972c6130393e47760b67ec7758c2592dae15

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools\5DB281C3-B655-656A-01B6-E302199E376A\detail.xml

Filesize
2KB

MD5
1ee4df07bab07819a97bb85058f573fe

SHA1
2f8f941d19bf656b6ff386321dc5016afdcf3464

SHA256
46222786c13f5b136bd16f477c137d20c18f26456c50fa6b9ff28a092cbd8776

SHA512
8e64d6023d5f2ce76b6c907e09303c1bcc853ccfbb744c720e159c45c2c338b824aa94915bac95034d0e3b9d3e872239d2726d3dece750caa40838cf231fa394

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools\6BA17A92-4345-49c0-A228-A57C2E779055\detail.xml

Filesize
2KB

MD5
38d389878c8230e2342388d46b17ed42

SHA1
0a052216ed7c466a5bd574fda06c37112c903802

SHA256
72e5aab3da7d69b31ca67ccb107e7be97cf1247d7f624c8fc2c393a008e653c1

SHA512
3891d23711fff5b069dcdc9157ae4ee91f4bc8738a7399a51d1efccbcf207db503c517e1cd42d892a0e92110e13a6d6012b18ef5c569ffde4d1fb24e05cc9032

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools\7B49036D-8FC2-4AA8-89A5-0B8B0519E8EE\detail.xml

Filesize
1KB

MD5
7b072b8fe9eb79370ee6c7bad78f0cda

SHA1
5b988839c50a87d7ab965bd302e6c91d76d9544e

SHA256
f5a0b50c32562924e31b517833f1cbb9c159401c7dd77c600802d87e0b333ff1

SHA512
f5cb166d9ab146e8259af7caae58fd10b5107ec9c86e669363c0d0a510d7af5f150db4b709c1bea2dc573b48edbca36b6afca186a510c022ae482fc2fd540435

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools\8A73A249-C3BE-401A-8335-A832080931D3\detail.xml

Filesize
2KB

MD5
4cf80346b6cd43d657c9cade8f04050e

SHA1
e25ee237edf9ef7d709e476293eab3eb48499aa0

SHA256
9e740ccb8721678acd9c33f22e28b0bccbffd1afe064b917cb908c54ad50c16c

SHA512
ebf7ebfb047dd8436cd4cbc74dfb8324181faae4e807ba29b0a5ec53b14a9d50b451bebe9498d1b7f154475337e591414418165551fccb4ebbde26759f34fb17

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools\BavToolsInfo.xml

Filesize
15KB

MD5
e17f18c2976d76d83f8f88cf86f33c34

SHA1
11e7eb531268b7b7c8604d8567989d53e4439d8f

SHA256
32f27ada6271d6cdb957b05f3cc03cfc272a1cb9ff845850ba76325d57e0ea31

SHA512
cd31f3cdd108777c8e8d18ab0c98923f8f7d42c54ff6cd7af7fbaaa76a41bd047cda53c91b2b98934edaf40de7b64a99953478bfe1c8a1a6cc31a8bf1d31e0e5

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools\DEF8DB04-2D26-469A-8D59-5D813E89773D\detail.xml

Filesize
2KB

MD5
ea449744b23178af0730785d959dbdab

SHA1
7b47eafaf0b14ee576f1c419e3fe82e359a07f2d

SHA256
71d999b8091cc8460e456ba3b77da9d59d872b8a36093b5b2e0b264d62cf3c86

SHA512
924bdcde9db09ce52d2e2055fbaa52451477cdadb7900b87e077c168dd9e8026ac628d4faffbc7d5a15f3759398b69ce0882b51159f08896df59fde3eb8a730f

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools\E839B20B-DE0B-461d-A3CD-769DFA88F488\detail.xml

Filesize
1KB

MD5
cd9511be6eea2769d3d38e26466cbcf6

SHA1
7f1a6329df679ee3f98400be48bdf86bf074937f

SHA256
c714847c39381011b51806c253fcd2d13e50523a9b4327443b436e1e39ee50f8

SHA512
b98bf05d256fd63af5c5165780570a05a2b9b2424cc3f9a2eb9a54f7e65fe81f93a9dfc022eb4d3fb29b35c77ed8c1c90e5e2f6daae8adbdab3107ba0c9dbc3f

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavconfig\SandboxEnv.xml

Filesize
7KB

MD5
ddc53e100c8d18d67c0c08e6b04152af

SHA1
b2eab0ef7c66da30311492be175735ef9824d855

SHA256
68ba313fe7333e0fbcb8e48b6e4d7b9316ef678e9487fd7da8f83176701f687e

SHA512
a37e1e25b4b39ac4dea2d5ff149c54bfe8e6363b31be2846dd1d07b5104559b86f13bb6e39db2c06aed1f021435ac5073aede301dca3b506332cd13853646d34

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini

Filesize
15KB

MD5
087c86a9975d4c2ede4c0ace77342ac9

SHA1
36f54e764d847f6e7840e0e3061945d881b9016b

SHA256
30dcd8bcd53f5b78551ef63a63d6356aa14096a519770d70eb5e4814fee45d2d

SHA512
da669988c7669b210f6dc83badbd4465eff4d1f4ee8a87c4ed057b33c00a06f4ead05bcc35c8d4892dbd8f83e40db9306b84c3b3c5b22542dea534eeeae90840

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini

Filesize
15KB

MD5
874010f00ea11d12fad09eac8c5cb43c

SHA1
40751895f28361fba9c3523109fc4e3e829c6a59

SHA256
0abfa77cb88ffbdb17dbbfb3f2555f316facb96d964cf8a8ac99a5cbcefee999

SHA512
dc1137b0f72ea7c4f82a4424c4043fccfc506f81e735e87a9ad7f19e2e8b10886c111cae7e10e805d7c441f32b0753fd24c3d95d3ea52e36b86faa8760cc8a36

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini

Filesize
15KB

MD5
10205863a35b0d46a0bae8b1c56f2750

SHA1
85c775995e43c1b198b3a418e2170a4751e78569

SHA256
dfa0e6a2b54daa90b840739c2a11c95135d5a01413e143fb8d48dfee0e6f66f9

SHA512
e828e769c0d1930aabdec1ec96a2a8dc6db635b30f3f5f48821cca9d08fcc2972452fbbc22fe4f2ae48fe88c8136f7ee30a5eb7a08d64f1b2a275dd804b0a036

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini

Filesize
15KB

MD5
d97b986ad4c9f64e1294cb6e198df204

SHA1
b0026e76a77d728bdc07f815ce64d69654821c55

SHA256
471c0f9f9248d45449d5e96805647d35483023217385e9d655db3be060eba523

SHA512
a32804b83206d210d2035103c8adec15d92542ad7e70c2aed6b93f590307a14367914a0787bbabb761b40aad96c9b4d46ea57f26c238949efe8e752375964801

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini

Filesize
15KB

MD5
dd1497dcc9e7a8929bb57d1fe3fdfff2

SHA1
368ac2e1addae63330a1a54c4faa012230b622d2

SHA256
6d9dc772db7fa3528669a6c68aedc1a50290705055a2c93b6496902f10958465

SHA512
5f120e3421d50f72dbaecec34a7ec2833e57829fa33526e499c4336e99688c386cdf1a5346a9508ac0c735cf6454fdef4c70c54cbc70ba4ca21cc08bf7af7d22

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini

Filesize
15KB

MD5
6b182d8354118b9230731d8ec07d23bc

SHA1
5e47d6066dc12457eeb6e895f57b2bd5087c0837

SHA256
0adf6a7a84b264a1217327444dc20a80a6e68d75382bbfbd3ed972f179952429

SHA512
60a44818a1f9ccc63c1dfaa6216459503e84031eab517f5d5001e9a47c63450074a6c52b0f24fbc3ff46af2c41c48973ecee5e09f00a9a8ec443aa1a076ee420

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini

Filesize
15KB

MD5
3b00edb1fc6eb89f2facd762c0de7c85

SHA1
e827f5e05f90ff6d24d99085ce030771a56c1163

SHA256
16394748b920e26e30b8bc8bf21ca237384d8751d8a1a0fb2243307e679eecec

SHA512
592d08e488f344fc07806d78c92662e96dd96cd8397bb1e075a97dd433a5fa588cb6818a6affc99ef8fe2109adc78147c73a835da0c085160238360acafa64d9

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini

Filesize
16KB

MD5
1f72d3603c316ea7b6eb1c20b5cddaa2

SHA1
3d433c8771a03387670a2a3c7af3f03e83b1150d

SHA256
286f39f73c563fef4bca7b209bc4b79b214a1e724e10bdad7160f318c644f544

SHA512
105d64834226320c0fc77be683bbb1f343ef3b5ebf0617b21a4c1244332717fe1501d94079721e17c0e3c169e2f5760e2933a8c5382b565807204305c745b706

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini

Filesize
16KB

MD5
c948a58aa451c71b82eec8746a35a607

SHA1
dc439164f6f80681ee9b5794b339929f8671c74e

SHA256
f887a3887db25a875044fa4f8fafc9d97c12bba7c8d6d72f1ad62ef6a32f819d

SHA512
d41a4afa324ad5ebd49a5df49d326ca082d465e3fd1edc2b268179a1fd83f4f99bfeb9fef95356adb4aca30db188b485ebf6e52347bb842da3809d5c5a463da2

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\config.ini

Filesize
16KB

MD5
9462d32fe409a2e5f894cb206f4670bb

SHA1
80c1b6c84d0f75508855fbe5b4d09e3953bc9d7a

SHA256
b359ffbc9bc5dcc77fcb6a92fb62285a4467b254b9aa8d6b19934c9496536e35

SHA512
5f0b95a2ff6b277ebc017ad7ebe10279096028b8faace62d856d9b88ac8e532eb5708d5981c80355e15e9aef173038cc35bc1332504a75accb625ac235786933

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\dark.dll

Filesize
193KB

MD5
4f0b0d1ce25e6c896b9e680fe5afd531

SHA1
5c02a5051f210c28ee3c1f6258a7262224ebc6c1

SHA256
4b704fac4e484d8aa1d44c52945fa7de8a6e716ade7dc7a9aa6f56a5cf8b52a4

SHA512
ce0f25f29094840ae3db9ac20e7d22781e168c2934dab5acf5827389dbeb9f5055ee4ab2d968a618f4eadbfee048f2048aee00574cfcccd7e4aa0edc133e37cf

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data\EngineRpt.cfg

Filesize
340B

MD5
43d3b0fc70954ace706655b4af52aef7

SHA1
0235ab685495d12d99a60512b02c891602a619e2

SHA256
1e8da094b23080c341b192e2e9c16510e6b1caae3f553eb832c4891d4e687558

SHA512
86914d26ad64b2468d242fcfffa508afd2aa104a833e6008908208dcfbd5711490c8ad7d18a3aca882cd73ac10402dc6d2f36e48f2d5bac9916e20206a5ebc5d

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data\vr.dat

Filesize
3KB

MD5
fcac9f0a3a57675187e1cd603a0afb3e

SHA1
8ce04c76acf468802caf1ae405d5a40c250b6711

SHA256
7774857a684c8532ffcef5e3d6b110600d8a9347e2faa4abbfef834194d1f176

SHA512
32f540186f6affadf5c3be1b8dd91b67fa6e1a2595680fd390e2dc69cdf74150b63692a5fc0b7d84abf15cbb098201f38703800abc0d6abc67a448e69ff2a66c

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\dump\CrashReportConfig.ini

Filesize
892B

MD5
392c58efeef299d6c59a751ce19abc57

SHA1
ee570242150488442e0f137cd6121d08cd7e3ee4

SHA256
f287fdc352072bb1f22a5435983ab20ccf14d99ee3880c373c241acc24bda905

SHA512
dd6442f2cdc9973a503368bdd6d60f3b71f5d8454bbbe85b96b6d1f7455db23b2d1695993958ced8dcb56452f84b20bbe15c525548848dc6a083b6369f4796e2

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\dump\CrashReportModuleConf.ini

Filesize
20KB

MD5
356ac0d8fc12a821e334c08e597e40ea

SHA1
dfbd33628480c23146bfdd9cdecc759fd2d616a0

SHA256
e2fe6d1b4fd403e27b04df2ed12de64130bcdea4377b5158d52089ac52da4552

SHA512
48b4a30b14062a38bc565a230bbf00db70a70db85573eff19dea73df6a395834afaa6a191d7d33cb64e9b93d5d5bd2bf6a247d00d457e4662dfd0f92ed808aa5

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\dynamicskin\Temp\SkinRules.xml

Filesize
6KB

MD5
0733ba722522243210f2555e02325234

SHA1
3cfdfe65a109abc98a0bad0f2693d875f3a3efdd

SHA256
e41c797641092156906d873d211fcb9795d45811ce08402ff3d1891a584bb9ac

SHA512
42919c1df90e2050b808e6154be1a2642c945c20f8ed680d520f217d897091794d65132b181257f1f1b462bbf124fef83037d3f17cf23a44285961ae6f038a3b

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\dynamicskin\list.xml

Filesize
4KB

MD5
30d30ec5b78279ac49eb34c767ea1b06

SHA1
69ac1cc7f69d3a16b66554b5901dce67f95bf6ff

SHA256
4bf66093eb428384d3e4959727340b14ed27ba16baf41e6f46bf9db0a8a60e5e

SHA512
43886129b5757f12af24625b441f16760eaf3004ed7ffc5c52cbbc616acaf9b1c4d91d5c19ac6e940a2904e2cfef19699dfb8d990c59180d8db66fd6a79d2902

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\i18n\1033\investigate\skin\unloadInvestigateTitle.png

Filesize
31KB

MD5
8504d430566fb8e69b21a1a9f84e217f

SHA1
ddfff19951558c219f792cc30e7b393f0585946a

SHA256
3f736181d5955115c681a47dc02ac065ec96770ae1dea802fed90da3306e7dc7

SHA512
bc11f4c59cdf459db86ee3eda121afdd9640c14ed0de874688f8fdfc81e34a55f1b86ce76df5f3394177d1ce3b9fae6ef15cdb89ca1d455c25d8b92545cf0586

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\i18n\1033\investigate\skin\unloadInvestigateTitle_cry.png

Filesize
30KB

MD5
12adf666de5ba589d01471619f58ac9b

SHA1
5f60f03df164771b14f50392a70c00a53a58c605

SHA256
68bd9df30bc128a6d5595cede0ef22a0e654a07e1ef12c35dafb9ee1ce587b87

SHA512
db2831e36acb78e5fd7c6be8884c167c969cee186562d920ac33b3e85b57eead2df99c75a2c4934c91a9435d2e93bd781ae5447197912c0facde5d51bc8f3f7a

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavSvc.log

Filesize
7B

MD5
df4ff23b225143a034a2cb7b9efd9637

SHA1
f19bd3c5b76443e60a99e953932d65ec67f4b317

SHA256
60116575bb1b6772ed22ba93bfa53bef0a772667da1812c1c3fc0a46cd93bc3e

SHA512
75cf82e66a1d41616e69ab2fe6a17e76ecbd7c38b81506e2e56ac0a207a5a819efa1231dd38b77697f3d46d033a711931febd77fa35e3a1c0809e666e0e2a5fb

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\bav_updater\skin\button_close_down.png

Filesize
315B

MD5
248df01535231c4c85d1e3bff81ac5f1

SHA1
e978e8313a822e4a70697ba8a085a0dda1c514c2

SHA256
b0e71c43a72db25d27e3961674311d787e4254fa4c9216bf8eccb19422f49321

SHA512
acd1f8c32c1315811e4b34b16194a213bbc5dbd5409ba7803c6f290bd42158c1af9cba328b7d46b760b5899775488ec89e2c4cd0e32c15ce2b3ec4fdc6843312

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\bav_updater\skin\button_close_normal.png

Filesize
1KB

MD5
6118fd5f25d5cb0a2d2b0fa897861f47

SHA1
4ec72ab73760bfe971fdbed7e3552d1bbd7b5af0

SHA256
8635367eca6e99f04cfa7994c2784d3bc953209e288c9dcf159fdc5f32b3dbb1

SHA512
8a89596c8b80835c2234eab8aefd5dc0348f22b249b2c5c77b859438c3e06e8a0540bb3e4e50c0fe4a7add4228bf53a0d85e704adabc5b5e1a48d12158cc8167

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\bav_updater\skin\button_close_over.png

Filesize
316B

MD5
87cb74f37e061db6e43de55570f5bf20

SHA1
4709b581ac58effb27a138159bd02cb12362bac2

SHA256
d4eefeedd55c1dae9a0a8cdbf984a8202b1b81396408cca70defdee13d0a1ba4

SHA512
3fc490cef34d9daaa0837219a5456b4346aa63e938b254fb80d7b49b834de28eb9ad43baf27d17f6918c66df7db8c8932df2bdd728ed03abdb2cc78241c2a3c6

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\bav_updater\skin\button_min_down.png

Filesize
191B

MD5
251e77a6c4d979ca7cc99497bbfadf5e

SHA1
634355a9ca6c5f6c9a1251fecfcbfb858cde1095

SHA256
d0b79da3fccd8e14dcd2f0cc05a3c077ac710b916a234175258e7df28924b950

SHA512
6c6b2062d9b6e9ca4be77a5aa02324e801aa457986d791757f4d523ecedc9d5673181a16cececfbf924393ea1236c5b1b19dee0c7b14da29e038d6d8bdca741e

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\bav_updater\skin\button_min_normal.png

Filesize
1KB

MD5
1fbdc86be9b7ce3f4ed1c2708cbb3e93

SHA1
09b11b0af78bb9c5bf1ca33bf14647e75d1caa74

SHA256
63f00384344af94e44c2ea9864ea5a7cc6d935e74af67b1094a573f80c3f95b5

SHA512
0f00172151a8ea6e2e51ab663d6e99e9d1b57102ed91d0449018f13b55cdfe28a42e9fcf1fab3c4b67488971541b838555554460e42bb464aa00d4aa37c90dd2

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\bav_updater\skin\button_min_over.png

Filesize
191B

MD5
66100c8b68a173b67ab29a418040ec0c

SHA1
46b14b5cf1930ba5dc593be0af172292abb4fc1f

SHA256
194d877d73c06375bf1d8760120d8899ba1d9f24275d73965c650f81cce8b20e

SHA512
1d423c9e31a99d250c7fe8581124dd2975d4799a358227c6d260edd0a84b6aac33de5b972049ce68f53a0fb0fc6cf82ce969ee46d381f4a5def5b5cdbd25a171

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\bav_updater\skin\orange_btn_down.png

Filesize
1KB

MD5
c86a7e1e7c866b5069d92b21523f0712

SHA1
ae51e443dc52054cddd2062dc0f79520673bb16c

SHA256
b6d376a0932c96e03fe90dc95913dca5f55dba4cbf6e8c7c623adf618b14f6ec

SHA512
d47d9f1d0b7ded2d1c297f319f5618f7e276f9ca1daf7ba1b034bc86bf54c3d18076add8999dfed5458484f66c470ac1fff4d7e897b524bd07af55c3a54c446f

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\bav_updater\skin\orange_btn_hover.png

Filesize
1KB

MD5
d04a43c1e6ba7da60ef4e797ba3f3d29

SHA1
7f8375622e034ce958481615c6fa23fdb00af799

SHA256
550bf40f37f883a58906a9ad8e66cfa50dddc70dea81b9fcb972a4321b4a5683

SHA512
d29a00c08206b11be4bd1273f1d2fe9cb4d96084b0481fe89c711cfbecf14b5cffa0ce211a67c1cd5867e3c36f02de2709ccab4adccd6082e5ea1fb902a09888

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\bav_updater\skin\orange_btn_normal.png

Filesize
1KB

MD5
5b7ec731ac1ece7528e576693dbdf017

SHA1
17438c048a106656942670e4fc7ca8168a535115

SHA256
c740ede863ff43392aa6b90e003302f3e42270cff4f4df72e8181a412cd43226

SHA512
5f91f33cf730d21751e5413c9e4f265ac2a26a0c11c4f71ae0485a821081518036d3c48f5574a51988b8726c39978cc17affaae777d9f20431f81e9c7f40f8cf

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\common\skin\bg\msg_bg_blue_line.png

Filesize
15KB

MD5
5deedae3ed6b323a2c0b8ee4ae67a9d1

SHA1
1d9540086bdca3603b3974c5a31d4e87d97c2b6d

SHA256
a288cef5710c156f86de533b619cc3b0c0cff44f367edb8c48e83ca8a0c8f2c8

SHA512
412e14b66f531d0cd2d00eced10028212d65a47dc104627a7a403553497055db4fcc1d07b475fe1d3933c808d5b7a7dae5276cb11b223ec2cb04899b32028679

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\common\skin\button\blue_down.png

Filesize
1KB

MD5
1876a7c9dfd1ec8568c467992f79e641

SHA1
9c5c54d4afcf3c3796b16b17c22e66f5cee51c13

SHA256
a73f54c1df3033b19f0b5fc9fdd36af583718f3f997630ab56fa5a0861ef553a

SHA512
85280ecb307997b19d255929897bbce05b149e0b08112aa1f9ea9beffe67575ac1d142ed403ef41d4cecbe54d2cbffa578e280166412537daaa72276442193e2

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\common\skin\button\blue_hover.png

Filesize
1KB

MD5
2764f80004cbc89b24fabe097d20b54d

SHA1
09150f213bcf803d62145e508ef797a734dcc60c

SHA256
bcb7a5537476aa375df9707ea2822082d18971638f2bf3b7c352e5d7a64a8567

SHA512
40f371120274099b7cfb67b9f3cb19e6fa1cbcf7e2d9a9c09640d18cb6d2b7c373d7969f15fb5920cf3724571bbeecde269b0f64a8bf3ce8b32e0aebdb459ec2

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\common\skin\button\blue_normal.png

Filesize
1KB

MD5
9d3cffc30b49f37f2bff1a15d6a02dc7

SHA1
c18cdd64b865a517ce468b2973d0dcd445e2ebba

SHA256
f5a274e930528ad43b0e0904936ed0e7d6eee2f53cb7576d6cbb7092250bc086

SHA512
21295a586e5d1c71dd2f7b33371ce1c7d9eca8d66553b4e20b69d5ba04c5023398543c28c0d811feede23a754889f0892560f782b0a371c77f6edeb41078da3f

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\common\skin\button\green_hover.png

Filesize
1KB

MD5
34caf7a04108a72c8742939513de2852

SHA1
7027d0db8713dc50f984e71ab7fda9ebae4180c9

SHA256
a2702634274fde30a9ff225b707c09db2166dedc5e7ed8bb24f89e7b7038c204

SHA512
ec85e2787b3ea89cd4e0a2da5d2811d2b82896cc52c334e1f7d80071a28a12299edba4afc3b62b95ca382a0f9c4788784721b40c05395cab2b902d903b61adeb

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\common\skin\button\green_normal.png

Filesize
1KB

MD5
0fd926fa809f31b08dd879164d8a40e3

SHA1
3b92abac5b713c15494a86e9276749cd83fdd9de

SHA256
b170597649e09beedb3d7a3c0ee92bf098dc6fb564ed5c471ce043516991e64c

SHA512
ef46923184891402ff45728fc3712f01058bb5237bbbdda655d1f0643cda3963275e7ff797544994a9bc5380d682ab4268f109cf3f4ee151ab948bba01f44ac0

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\common\skin\icon\icon_failed.png

Filesize
3KB

MD5
2753dcaf0c1ae123c921b70a36bcac44

SHA1
5d95ddcb9524ef82d53651f91f6c15a0ef22acf2

SHA256
614247d9e7fa3ec05a046af5ce5c28dcc19495ec59f61f4ed748fca314295cb7

SHA512
b998ed50c4c04fd23783d618f9a0f84aa0bca190e58e38e25df60b4227906276fad565d30507ada2497c6697bb8fcaab1ee9165ba59c2d281d4e6e0da78e9213

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\common\skin\icon\icon_rejected.png

Filesize
1KB

MD5
75a1eb0c26911593afb6cdb3dffc6626

SHA1
409e44a6a0dc70922f27a2fc359d6a55d3321841

SHA256
9ddb8c72f88c6b0ff2d7f75db007563ce894711cc7694c869c64a37023cd0098

SHA512
8fa4964e09fd10c4a42d042e7c023088b1403770d1bfdcbe1b73c4f0853db28c53ace066ca801bab7576597a34bfea5e14514c6156ddf7374ef66daf3c5e32e7

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\common\skin\scrollbar\scroll.bmp

Filesize
36KB

MD5
ee34c13fb6a13239af825eb5f1345fda

SHA1
256f5c3bcb26a9192e51abb58106801b8356384f

SHA256
53050f584b0eb03ecdee9f32b98a5517697382ae9893a279ed90305a77b68c2e

SHA512
301f0fb8fcdd0c883865e7dd1acec6f5abb679a70a2f4557b3c02499bb5194e08582fbaf427017ab0dbec3d894ec10ded4e8250793a00128599c5475b9cdac04

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\plugins\Plugin_Pop_Hips\res\skin\bg\bg_safe.bmp

Filesize
15KB

MD5
d96047ea978189d74c9f6d31a12e0b34

SHA1
326b80efb6f102cc8d09f6bac299cbc008ac43d5

SHA256
8414211d9e91bee0a468ba6ef16fce894069b85e1400eed43ad2f91bdfe922a9

SHA512
2c693631a2f4b22879e57c5a74a236098b3d74edb430a368320c16e67dfcefae1c63a4193ab69d51259e78772b749b50bb77cd67b7c42988f1310abdd44d1123

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\plugins\Plugin_Pop_Hips\res\skin\bg\bg_scan_menu.bmp

Filesize
41KB

MD5
5ca4abadc62a4864a5e5a55f26f9ead5

SHA1
70a6497f5126810233d8c879aa2fa10858d6db14

SHA256
795eacedf31bd2875804f9e60865b714fb2d8d045b0d4dc3554dcb9b1d3f7c3c

SHA512
8b1dc3941f2cf22957bf79bdeb4ebc367315db3a9fd0c4c0ea40b1c64ecbe7d3c2837735dd9e6fa586bd541d61c186f27537d0d91c39194f22ab8006248633e9

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\plugins\Plugin_Pop_Hips\res\skin\bg\bg_warning.bmp

Filesize
15KB

MD5
11c2b8b97d78b03038e215ce29de325c

SHA1
a837747282a4f485ae7d0e3354f2d694ecb283e2

SHA256
db40767a1f913b9a15a4ae278f35114d38c85583765e98edc144460cd4145fe8

SHA512
995306e78e2ceabc51c90167db45561f99e61da4bc5f8377bc9af959fc067a261ecbdb0253316f5fcd3a19be65b7db5b60c1c2015c82163a684b99ff609fc555

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\plugins\Plugin_Pop_Hips\res\skin\icon\icon_tip_orange.png

Filesize
3KB

MD5
842c5b4bf880d575455effb0ead23651

SHA1
90f59a56f2553c125a673f49ac4f5fd463231f68

SHA256
f30734e3b306709bcd0e04a7f12c29f28d3b980c24dcd582fcae8d0376511c2f

SHA512
a7823ca0389325c0a17d4aebf0673397844e97478cf2a228203be5610136a9637e42d2cd8582cf82cf3b2b09e72784bd83e0b10fa9b42ac91038a51398d9cc7f

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\plugins\Plugin_Pop_OA\res\skin\onaccess\lineH.png

Filesize
995B

MD5
c857f77932148ebc78191c4bc082e9d9

SHA1
eac240e8a6fb14dd758e90c58c11157eb8f3a808

SHA256
3f7cc5ddd7bbe220bb2af3ebfdccac76f30d0d2447116a838155fa5514b30505

SHA512
a4f59fedeb9ff0c18f1ce61ca50a5c0882a8afd216f89fcc09667d2688c58cd9094c22df0fc6cdb9777e991bf0a13f4eb8494f3a425599005e8083b480299315

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\plugins\Plugin_Pop_OA\res\skin\onaccess\listBg.png

Filesize
1014B

MD5
091cddb1a35ef9993deda5adeb2ffc24

SHA1
b02fb15fd3035ac305931c03fa074172741ac39c

SHA256
062b6e9b88bd704a0c0050e699b4ee92109470b4b31829d8db0364a8bb73544b

SHA512
ffd7e76ee36fc00deb8417838927a29892f8f4310a3186ba7bb81743d676b4c4b6299492767e63cde345963ee4d52e5b5d2f41d210c4196012cee3272e46fec7

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\plugins\Plugin_Pop_OA\res\skin\onaccess\listHeadLine.png

Filesize
1KB

MD5
cf44787a4447a277f6a15f380c3bd995

SHA1
f111a1c44741407a849fee82071115319daaa480

SHA256
d257495695f67f26c83ceafb9f31c3fc1f9f8b7113862f7d496087bdf327601a

SHA512
52049c1ee00513d1cff24a3c99861778766fc9889fda69fd25fa3adfc180590778daf0c108caf2a1eb70e937bc5a0a1d3e09e082d3f010fdbb0535f2258a8316

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\plugins\Plugin_Pop_OA\res\skin\progress\loading.png

Filesize
1KB

MD5
b3ad4c935d8680c281b45444fc5274b8

SHA1
45897418cd969b0f1b84accfcb4b392c841554c8

SHA256
3a20eb28c558092508b7a29b3f8e59718de867ea4c5b05687948c3abc4f0666a

SHA512
64232456fef78fb098ac060b73e57d18228d96c4539a704d5d98ac084d557d251a3b0c8e7d0fe5a2294f69e634550ba29983122aa203dd1e23d549eb20b6895f

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\plugins\Plugin_Pop_OA\res\skin\progress\loading_bg.png

Filesize
1KB

MD5
b58a078a7b48b6822a680d0417579e4f

SHA1
3c0e11b4222841458112dab7e3b6276cc19fa41d

SHA256
96cf022b657350cb0afc036d4507546631606459e5d5342acbe6b9dd0b9ee0b5

SHA512
0e7c25459e089114f5a6b74e12a9881b1e031d201fc0c15c72fd8b28102b6cf22fb0f3a1b00c39fe162a82076065f91329ce45e3623f3f3c65b65ca1d014b532

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\plugins\Plugin_Quarantine\res\skin\tree_title_bk.png

Filesize
2KB

MD5
55f71639a4afd27fda141b7736fa46d2

SHA1
7fd6ebf1920895ad1e8ee55ae8d68b2a89b98956

SHA256
70397952461fe519ebf790f66a8c68b3d1e29e56fa5d42ed1343365e23052928

SHA512
64c15326a37cad531651064b4ab46f47f6f92c147904fd4210102ec0c1bd7a4c987ea7c1f3a8eeebd7bde6530c2ef5d5d268f4b60a90bada94de7cfd9ab6e421

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\plugins\Plugin_Settings\res\skin\set_tab_bg.png

Filesize
1006B

MD5
b7d1a7ee394a52bd46a359a4e64181a9

SHA1
eca369cb5819bca30e6d61fe42e07e87e5538662

SHA256
863a1f371c5bdb144dc2f8382d046f3b6aa3b1bda76a6b37bb1b707eaaef89e2

SHA512
4048b899860020991c66649218e96cc2efa09391baba4b1767b1941945906ad678247f3a276f71e33f500c02ae8d4b785cdc24888a3475e2c270167f9865a471

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\plugins\Plugin_USBProtect\res\LockList\skin\usblockBlueBg.bmp

Filesize
369KB

MD5
79da2a81f1183ded0de5b24fbec8e0d9

SHA1
d69081c6310c0ba848bef03e07d110b1b8c52a76

SHA256
044c9366ce6e38bf01dcb3ca5ffc6163fb4f2953ea0d50ae7558697ce72781df

SHA512
71984714cd8c32047467a51ed8c8a957ad3436e9be465d4c7410a596e50736531db63e73fd8b5e1bfef088745e877fe1d6a4d369fe0f415dbd253a485f45658f

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\skin_bavtray\skin\menu\menu_icon_feedback.png

Filesize
1KB

MD5
f8a180a030794886a302608f882fac00

SHA1
f77b4b6ceb6e8a61237786469cbe2e74ad79bdff

SHA256
dc6f9d3bef12e17fb22c75cda3dce843ecda41218c5ed60bb4f78164800adade

SHA512
01008f49007ed352d880e7c435900c9bd47ffa64c6a85812ade0742e8c39cf89267d3d38d834d2602e0ef159d9934be378e2f594fabdd9e9857fc18342c9e555

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\skin_bavtray\skin\menu\menu_icon_feedbackhover.png

Filesize
1KB

MD5
ead3cadda408265e011b7f562959b34a

SHA1
8688b5e774723396d847258cf8ab116b332c20ba

SHA256
da423b26782a3f88c8444501049cd56d25571a9c8e9474f88e99433d50f33465

SHA512
906411f300153fc0908217559ad5ad572e05f642da9edab530d5c836aad5bccb1f4852e39605903759734bfc97d0ef18d9ff16a747bf8643eabd491096bdff24

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\skin_bavtray\skin\menu\tray_menu_open.png

Filesize
1KB

MD5
e40664e732032f2364e5dfefbc15abc0

SHA1
ca9133d100c9fb287a552cf9033630d02f75b8b5

SHA256
2afe0358b282c2921c1e1960333c8962e13e44b26f40652f74bae4bbc9ff124f

SHA512
b42745086f39d23041e61854d45c4071ad528695a87cd8565e6aa2ff7910085977d1148bb852335e4f5093e5fdea0259a6480c289a6c61c63aaa71262ec3d7e1

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\skin_bavtray\skin\menu\tray_menu_protect.png

Filesize
1KB

MD5
1ab37acd5a6f15bfb8c59f7dbe5677f0

SHA1
3bb1e8ba3dd25ebcff3f04ca99758f600bd4658c

SHA256
22fc450a637525a4d830f4b40e3e7f7412af703cb030c78c6714e247e1b3409b

SHA512
60fb4b223f70478add44ea0b5d93de962a9775f3f82e4e83801f9890b8f7e1c2cef12c45473c8175f36fa0e93f2300140cb27308d70dfa62082cacd10efdfb1f

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\skin_bavtray\skin\msgbox\icon_blue_tip.png

Filesize
1KB

MD5
3aa502ff1fc7a6bf00ed4874679aff80

SHA1
74916c6057566110e17f5bb0951b3d71067ac15a

SHA256
9e4c500b90bf4e5f8aa9c6dcc714b513b3de7813226021006f995e54920b55e7

SHA512
a942fc55064f38ef811276069f97bd7d8c8180051feeff729347ecbb49d0fbf2455733121dbccd8b49123322818f31cf26d6d66010aaeb2b31c63539f19256ab

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\skin_bavui_frame\skin\scan\engine\closedown.png

Filesize
1KB

MD5
427b8a3ca1ffc76e06b7e8516107e85e

SHA1
fe0504c32822f4a18a25e00aac7f0eef8b508029

SHA256
59d730df42801cb8c6e8d9cfde535c5b99d55ea0dacb7209d83ec9440f013032

SHA512
ee5c20d39e83dac4cf8aa1b353b2e3381a9576806d56b77473e383f2947fd9e86640b2f9276fc60769eab5da99c71fe9f169c6442e34e30845d7f8aa3e614328

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\skin_bavui_frame\skin\scan\engine\closenormal.png

Filesize
1KB

MD5
5a49be26724d4c584c2a18356a3dc21a

SHA1
36c1447efff66913439ab3f9fb088c0dc2fb55c9

SHA256
3f77d811c17f3c11055ccf0ec330c76cc18c4debdb4f4368775b2eaaa359a1ed

SHA512
28e42e8fc11c6bcbd3f43199869d43d0ebf1cd99c1c52a3aadbdca56590f0d669b722218aa9d4a7d303c4909eb8e957c6599c9f342d814a73d8e5a053f96cce1

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\skin_bavui_frame\skin\scan\engine\closeover.png

Filesize
1KB

MD5
41da989667b82d625d65bfda3f404100

SHA1
5693eca41c0803150829876c3a79ddc76d2622e4

SHA256
93ec44e1fd752206f52014ffcb962915f84f2d398e448fe630adf95b0f1ea467

SHA512
a1e2361aab65f9544ac24355ba1fdfad2ffaf9994df2160d23ede6579715421194d4e8c777c724aef3e6bc6e777640252e71f4bda14a4843fdcc78bd9be3f672

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\skin_bavui_frame\skin\scan\icon\icon_normal.png

Filesize
1KB

MD5
2bc1db55ae52872dd85062785ed5236a

SHA1
f66dfe6ec33da836d56cae93788d8f4cd544bb88

SHA256
b7bc814f933937529761ebf21611e7590c7c9a4b6c4bf9118747f55172046db3

SHA512
3fff85410a335e7311b4200fb03c6520653ea43431b306515f0a5b1a4834fe72a94db7c45949dbc229a1b4060fcf190420f436d2eccec5fba2fc0aef9b52d512

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\skin_investigate\skin\checkbox_sel_hot.png

Filesize
3KB

MD5
ac6050ceb791eff24b5a1bc4136eac42

SHA1
eac97abb39d6eaae8c29b17fb7eebf09db893d1e

SHA256
6a082726377d96c8a57ca16dd0682f7f3743ffb3e1af060071864c5f9ab20c98

SHA512
cb09f63dc57a802bc4419e59bf05af742c7972715e3285badee947f0881b7b89afd83c778cf628e95f9282acdb3441c4d8b85dfd8e9712b3008c86d3d01d3224

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\skin\tools\ieprotect\skin\button\green_down.png

Filesize
1KB

MD5
ef57f08fee13d03b9ce0550efe3f083e

SHA1
d97c21f9f752989a5a5a8b668b91c17fa1737ca9

SHA256
1af0887870d5933881cdc462bac1bba4176111a7d72b9c63d1de9cba915406c9

SHA512
030d09e1e96d1d2e890a7614d2ebe0ce97b421213aa8e4ed114e0211926e65501924e9d551f47ac2578536af3f0593d7b5e9217715f0f6e207b175275deacc98

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\unloadOpponent\skin\skin\button\gray_btn_down.png

Filesize
1KB

MD5
e7f649428fc4bbb8a11d7e8c6bc122e5

SHA1
0f2fa93b70f9ffc0f8e6f50e4f538b465570301c

SHA256
a0be9b615951fe4234a640a32e56309aaa36873144e0040f223d2b425a6f8edd

SHA512
e4cc4cd0bcd0372efab052ddb08deee188581b6302c924cf1afebd387a137d9e0e578cd961bb128f7c8b518e3e36aded3526790992f7a276852776f24d025841

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\unloadOpponent\skin\skin\button\red_btn_down.png

Filesize
1KB

MD5
0c219bc1aec566195b060b5e51dddfe3

SHA1
14aff472c6b92a7b650a133145c2e542229e5deb

SHA256
561c5af12f51545d8490543c206cd8f431eb04376c365ca17c76a413d84e479f

SHA512
efdcb5c9246f88bd6f73d49783f707087a224c63637958d8464f6ec283ba40c295ff0e53873af97ba9108591d66289c59e7148acd4da42dc0956054f7a2c0822

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\unloadOpponent\skin\skin\button\red_btn_hover.png

Filesize
1KB

MD5
e3f402ce09a5a7388533acfcb7e01f26

SHA1
38a66e9835595b8f2ae87230cd79e8a89b59dddc

SHA256
0f75dbf7274567251124fef23570caaeb5948da8949b990c329324848dd84c43

SHA512
25c6626ecc54f0a98b74639b52cf32469581bf4e41cc437cd943670a080deeee6cd5dd6a3b5420764dff6566a7ad8e1a82112c67c1ad867949ba20768b91f6fb

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\unloadOpponent\skin\skin\button\red_btn_normal.png

Filesize
1KB

MD5
e8336dbf49298dfe009a8ad023042175

SHA1
2198cccecee59bbe0908b2b5291a59f8c89e52ac

SHA256
144bc25199a134417ed1dc354d053c36c303956532f3c67647671d498a57a1ad

SHA512
f44b764d0d3a155213c3fbdc38e7ab243cc90de3dd3f4454235e752ea61a3f3df572c3647b434995161d20651065cf8fc9aa24b22651f52988e1433f3ad1027f

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\update_ultimate.ini

Filesize
60B

MD5
9674bfb289a90936c76fc5665e731303

SHA1
25c80780cf941ed30efc8cfd474f5be428332052

SHA256
eeda1f8be63122d4f6069ee833b6861428c64511958fd173547b126e398fbbbe

SHA512
492ea94facdbc91ad5cadc2211cee8cbe5c010ef0a593e05035a127738eb5143577d860aa12f0c147397a7a5bc57543406722731a5538654f85c1b8c7ff54c3f

Download Submit
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\version.xml

Filesize
292B

MD5
e6d50c99eb002a4adaad3eb0772af0d4

SHA1
4fd1576356ad13db483227910e201d4818598094

SHA256
b8751a68129d9c1dbadd81e9f3f108930ebfef7668892ce238caa6e2d8f44c87

SHA512
3cc826f00a26ec7b781c7edc7552852c8905ba94ccd7219e94df418bcbcc0dbbc25376b992d5234d62f7a5402f8009dd462f393e34339c331b551d85f4752347

Download Submit
C:\ProgramData\Baidu\Antivirus\66

Filesize
350B

MD5
32e7c4014dac4a2af5a1381d179470fc

SHA1
5937ddf1e335794944bd60b6fb0879ac97985e08

SHA256
232fa6457903578c4ee14d5dfb9e848c3f04c8a5aee92e8d87c52657c564db22

SHA512
fb1fb5ba63b4a1a9d73d561da043e97a614569bd01f76e825fee2b87a26e9af379f0265c9285652c32b6b5255dbbfa05222267ab71b3810ba6607e386e2d7f82

Download Submit
C:\ProgramData\Baidu\Antivirus\71

Filesize
2KB

MD5
6c2baa4686fe7b2759fa8e77aa81fb1e

SHA1
36f1820052e7bc0d578e033ae7ae0ead40a184f8

SHA256
aa375f58f292e142a771b951de3fd1ab1f60b2d7847b2156304b474a438e8d7c

SHA512
c491bf3e9554b1ad804af0a48b04903d5d7988ec1e4a41bf5323caf3a6cf760a92bc9e96299a5307172a0c76466ef37f4d78dfe3096d2b8b0cdb71fa7aac8145

Download Submit
C:\ProgramData\Baidu\Antivirus\71

Filesize
5KB

MD5
b376d5f058a0ca8667013b7c66eeecb0

SHA1
02b1b6f671eb5a836ca448c71dd2f6173f5a4e31

SHA256
f06ba28d797ad09ee333c61f172c5154e19a416ab8886aff66cb43ea703564c4

SHA512
695f5ba1aff4ed177b5a26beaba092ad114d936b2d2e982bdc30d48350c6ef95b0dc0b8f433ac27b52d830f987d5ec6b8e2ef50392b6f44ca872913864193d24

Download Submit
C:\ProgramData\Baidu\Antivirus\InstallerR.ini

Filesize
302B

MD5
5b519a6371d57eb0b40c2f971769a260

SHA1
fb3855dc2c174ec3467c2b8a2fdf8d58bdf73451

SHA256
3fdabad96462bd2fcac2c99ba14a5c5d249f06c3119cad80536375afe1ef0d24

SHA512
0b80b318769860572a2fdc2297456bde77a3fd52a53cdf2f0ba36b123204f89126f8912de0da31856f7982cd7619ce71d44fa8ff7e0e99a762ed0a6034d46e1b

Download Submit
C:\ProgramData\Baidu\Antivirus\InstallerRF

Filesize
4.6MB

MD5
e88ff6cc917aa2447a21b98c0c9c7984

SHA1
6bec8bf839a1e01a2317b6f15cd6b3a644fd2d56

SHA256
5fc659aebd54696cc3ace5895ac6ebeff986b98524abd56074cf653e796caef2

SHA512
1f1365fccce373f53bb914ba5445aaaf2c02b27650a17c75aad5de91c71998c07a7a4a462831e1967e6956831bcc33a98665f7e8eedb4980295afa8fade2f2c1

Download Submit
C:\ProgramData\Baidu\Antivirus\config.ini

Filesize
96B

MD5
d8c16e8e83fc27b59fd953cfaedfb157

SHA1
4db96739ccb64af26736aee281f542768f2478d3

SHA256
bbd8fb504b2d78cbd923df7c6a17d6782d18d30944c79825d6bdb2ae78e73b7b

SHA512
12c4f245b44b59aa79d2f7899dba1fd2a545252706f72d5b91b6889dc4238d4787c6ae156c1972fc9d2f3cb341a876e048cfdb39900bac50b5443608420ab622

Download Submit
C:\ProgramData\Baidu\Antivirus\progress.dat

Filesize
19B

MD5
254dac4e780644ecc1509319a928bccf

SHA1
e711bc3610e8db215ac44b391bb9a95ecfd2c5a0

SHA256
4d7086997420780e620df5df5bef8750fe440d5d0b52d9a2b24620adb00ad094

SHA512
292451dddafea65a286abc182bcffc5b4a8145aac638355d24f951d5264790d16bbd2965d28550c339edb84603c8b732688eda281851dbff907d1355df5da654

Download Submit
C:\ProgramData\Baidu\Antivirus\uurm.dat

Filesize
124B

MD5
442a0ada65ed9dab323b9c48bd5180ed

SHA1
46485dd4f511a3f998e6f91726d01404afa3ad05

SHA256
224e162ef5d5815af3bc20df8e39b9b7729b6ad3c34c03a5a25be9cc73572da0

SHA512
afec10d8fa619fbfc5a54292aa63385d156a2bc4d5a828c20ce534f2464586cbae084f41f17e2efd5b90ee30b90f9760a0a07f1e66c396dd86c4429957b6a942

Download Submit
C:\ProgramData\Baidu\Antivirus\uurm.dat

Filesize
212B

MD5
5ba35cebc5c9ac88811716cc31b0cc98

SHA1
162e369d6333e5e0689e0200b72407d74a65ddde

SHA256
49d1d0f630806c4f14ccc791d1e139caaf4ec017125599f148972e19a6585f0e

SHA512
b55b26c4961f14460c668cfac944081752900b9adb9c6daee0a0e6cbddcae6fdd40eeaa82df65cc8801b5aa99e548d024857e12d33df1d501c09fe8ce81fa5c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\Common.7z

Filesize
1.1MB

MD5
25fb51ad2a91e550758c4237e15ea51c

SHA1
79e8672cffa2c10835374c6d56b1d5ea615defbb

SHA256
2290eabbfbb180027bd62615b76290ee6e603bdf121cf53edb23e69d0d5f7465

SHA512
23ac9a88d9a8a0848da9a3ccb1e382570aec546f38813943bc64f294a246d90cb79732aa6cc58c980af8269687979b2084ea08fd04779ce77e71132cb478c6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\InstTool.7z

Filesize
588KB

MD5
62df4d41309565c06eacc72b0f2e5e45

SHA1
70f0ec526129f5d5ec81ebb1de5d8bad58bc9b51

SHA256
d2407ed6756b31963c67e491fa5074873ddcc59f4581b34339c31fae1736638b

SHA512
610f184b8432d7f2a48e560be6aed41e175e36985d575857defd58988bd9e308ddf0a6e7ecf6e8cd6c38ead13c49b33c57debe3c3516b5beac1af9316be3f8ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\InstallUtility.dll

Filesize
1.0MB

MD5
6112257babfd780d815e8448d9d30395

SHA1
32ac068f0a885410baddaad5782be6bdd242182a

SHA256
83059ba16b860d154ee27361e9b9b6ea090aeaf1f48f3c5b1303c750d7ae05ae

SHA512
3f570338d3a18334711b9bfb47994e24042d2c732e8c71221ff06c3482c656e805d2ebb96047b7120cd14885b409fa24ddce68d9dcbfcc57775561e64d596b8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav.7z

Filesize
18.8MB

MD5
150ed78426ddaee9679999613b611218

SHA1
2f6900eb010271dc1604b92602c425076f8756df

SHA256
e6433b965721137c7ca7b669b08b2911d0c8c3b9141e14962ab6b73aa77e95f2

SHA512
9785d6144ebb13111b9bbacbcec2d281c2156ddeb7c5c5cd0734e29efbbd3f23c845baf5b6229f18fb0336403a9ff42e1048476b371094012c4f7bfabeee25a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\bavadvtools\5DB281C3-B655-656A-01B6-E302199E376A\gray_icon.png

Filesize
1KB

MD5
61c83c62c27d04d446d5d3ef52a34348

SHA1
4fb8329d8fca32b4e8fbe6734b8ca4ab5d47c779

SHA256
9c2e091f778fe720b51b9a2f88bc79619a2a44fd1e4c09fca1c34d873e863692

SHA512
2b679b5d43465f458caf9110ed043fdbbb229e01db2c515cd50b96d45ce3aa17dc58ff9394d36995427337bc1a872cabc382931c4e21bc8df9c70e6271df75e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\bavadvtools\5DB281C3-B655-656A-01B6-E302199E376A\gray_icon2.png

Filesize
1KB

MD5
dbffae94c9ceb0b484ceeccb639a4177

SHA1
66f3df4aed055c125520468ad225ace06069a3f9

SHA256
115cd98e4267dce2e677f4ed3da4abe4581d5d4b301261ea278acc16145fd187

SHA512
10b11db421cd16c768cb52febc21e48734cfde67056026d3db33f615f19fb60e37923bac9ab0748ae3990bb681979f690781a485fa68596bd406b278be565795

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\bavadvtools\5DB281C3-B655-656A-01B6-E302199E376A\icon.png

Filesize
2KB

MD5
02cb5e2538fa533b0579bc07cf38071f

SHA1
ed0a55bc07c73753d51adf1260fb8053bd347f0d

SHA256
a1f9dc231fc2f78d6722fab9e6507e80d22c4902403a35aa038c62bfe78f891a

SHA512
5298bd5231c222a4496cab93c7c763ade3048a992cb12b5a53cf4599633a5ad63cb8f54b0469e6d732dccd163df0e785fad936851a688769c2311fe96f5f1bee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\i18n\1046\BavUi\skin\antivirus\offBtnHover.png

Filesize
1KB

MD5
83b9f7cb12f82c7facde9ee5f13182ad

SHA1
779bfe6a14d7ab1f167b4bf2fa0d036a4a6934ea

SHA256
6a8d4222789378d02c9629eb1bb627d683c32fdcd779b285d1c1007b4cc3c245

SHA512
77888595c3f66f2a1c49196561e3264e12105ea96b55da2f46a3fb7d0d721df68b02d3904e443bc5ec0d9ca85fc4094b7bf3fa6ad578ac595da6a2bb9c0d7410

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\i18n\1046\BavUi\skin\antivirus\offBtnNormal.png

Filesize
1KB

MD5
33b4422f0e8578dca90fdcbf7a208c16

SHA1
118fd14913af869619814817f3a613aceb4a50b7

SHA256
9c772a155050c9ef325f85e5a1fb7e2e08ea5b8863c27be706f130b74f1811ce

SHA512
a8df68e7bbe8b1c0b70c8c05702e3933365bbc5cee917b5ca0434d6fe892d7baaf8f29a5bebf12039a9a269dacd26b9eafa80a6fcfbe4ba470190280b3ebd0bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\i18n\1046\BavUi\skin\antivirus\onBtnHover.png

Filesize
2KB

MD5
bf42af2ded163f4a7188772f51fdaaec

SHA1
1362c0b2c7cf9c088a04620838ad9ec1c34ea431

SHA256
6939b217ad1044f96eb4512cc49b7debacbaff57d83256d298576fb5c6298afb

SHA512
03b1d84e26228cf089509e22dc52f39343274cb0ea59c6023592fce8f782c18fd56807a216e4d86472dc78c26afced0004ee3cd76d3ad68d3c56db062b2f0f61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\i18n\1046\BavUi\skin\antivirus\onBtnNormal.png

Filesize
1KB

MD5
e88895f4526db5e732bf2cede5ea1a00

SHA1
1caacc7b3ba571d3eb0abee90d7b34e264e7b08f

SHA256
02615131bdf922c8a0d057dc30298293b9470b542d08ce487d87d5ff89435d24

SHA512
22c251a9dbc8438fb4478da049b3e1382a9b66c350171d4950d31eb6609d71a007fa258f855c7b3eda0e47e5d7fdeaa044b341c6bf2bb28b291276b3b61c0b29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\i18n\1046\Font\skin.xml

Filesize
4KB

MD5
e0adc60eaf4a829d0f9557e637ddcba8

SHA1
a6c76aa6471392248df2bea448a6fba6ebeb1475

SHA256
1aae5237aeca663f04a848b9b59d3a15b168a642091a2dfc0ecdd8d0e0ede9ff

SHA512
80e1a26d3bb545412103b964b711ee76c8e9d7298063467cfb08134cf0885150ffd5c3cbd72c34907fb49bd36ef691ba00b05ea6811b83ea7074e78343e9188b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\i18n\1046\ieprotect\skin\setbtn_off_hover.png

Filesize
1KB

MD5
40fa91d5a4f3206807706cb2b792f4ff

SHA1
21e6d1da164f5800ffcc5695965528db70130ba0

SHA256
b54070e604870809b7b4f18c862491ce95bd042d63af6c820f6694329d352a2b

SHA512
b5c75c536ac2e963192aba190abc0ad118fbcd0efeb6e74b6351eb1c0dd00e16f462af578a8b9c9a4ffbfca6073a2dd946aa3516a9a6a187a309bd0b71ef38d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\i18n\1046\ieprotect\skin\setbtn_off_normal.png

Filesize
1KB

MD5
26cb148aa8e349e0900b152c1bec834b

SHA1
260875b40b3d4476b209d845c9a5bdb633978706

SHA256
fec66f1854500a4cb5aabb20814ad7e7d4fb3a2701dfa815879ce62a2a54e13d

SHA512
24858832d060562883f6dbe6a43c9c6663e789a31b58f215da661d6381b5748dbdb60228fb912b498739a6394e948c776b660ccad035f137c487fb43f171513f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\i18n\1046\ieprotect\skin\setbtn_on_hover.png

Filesize
1KB

MD5
d7d4455332a080d31dfb00f1fc4e3adf

SHA1
26307c25551a5c38a9dd537589c73d0a21a4cd87

SHA256
6113e2e17dc3e3d651172e1157a1663d91e432038fba9d14a389e48d6b3c4e2a

SHA512
dc54932ee1cc4c556fef09bc3b0418ef163684a2d9df7e4f97ee44eeff43913d445392be1e483afc110baf9a0391cbbe3d3b865f6b42fc99e8bafc1e6d33c46b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\i18n\1046\ieprotect\skin\setbtn_on_normal.png

Filesize
1KB

MD5
4d5864a2a0c958988570137985aee3a8

SHA1
39a2137070f542075d340f6ba3d802027aff9356

SHA256
ac665dfdc6baca1ed6fc00274c43bb3cf457b040a153af4ec299492b0b217de3

SHA512
12be37029c3cb91771d379e5b5169bb9026f48d1bd39cc08cafeecd9bb8172dd230a2dff7861b215c968ecb8452376383be1876ab265dd0f18567a4fce9ca533

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\i18n\1057\BavUi\skin\antivirus\guide_main_layout9_slice.png

Filesize
4KB

MD5
f5816169669057385759628e30562d97

SHA1
9ebd8bf84bed4335b1a86c8b8be6ddf33d8bdb71

SHA256
450a87fa998f1f92a7d65e2e4a2a6226e5f06263fd68a25a27dd8d1db553684b

SHA512
c594582b7a0616e9b143a4b10db50cf0ca5d1e57dab5a371bbd30e3380610f9632a46ed37cb0609170fb876795bd03aedc0dcb490d528f9f2d14a50ff8a6e106

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\i18n\2052\ieprotect\skin\safeicon.png

Filesize
2KB

MD5
d7624ac49fb8f781561716458444d26a

SHA1
a9393d02b6fb694f0d747f1b840714892e1f5eab

SHA256
aa5d065707b50a496fb0ac320bcafbcef9f933d64453b6487dc09c87e88ad63b

SHA512
d00424edddbfc55662856a41b1658d12767b32e73308da97eace0fb5079f2f533a1b40be47d2219a6e8f1a76386d9324371aee02b40beaf67711961e363991fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\bav_updater\skin\gray_normal.png

Filesize
1KB

MD5
bd91defba25fe383c983c559f71b19b5

SHA1
496e4b2670fc29bbd7499ae968a0253f273a93b7

SHA256
a9f40a159001aea988355ada116d331d120886b257c7a7ac8e31d1978a602e68

SHA512
cbacab89fb6eab1a1d60cbd52b3faa9316318b9f18796481048fa7ab9c780f31e697fc70351682d9aaccf56e83fd4a696ee38ea34ebc0efc96482e19907b5a80

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\bav_updater\skin\gray_over.png

Filesize
1KB

MD5
bba2350d3e8cf21d39d53257c99e284f

SHA1
b64704f98033e256c068a766c519233cafa23aa2

SHA256
cb0226924a4348d3cca9e56ad6a7b79cf02462f148036f7db80f97ae04989b1b

SHA512
f195b2f717d87c96f9eb04f5404f563a61b1f7733955adaffb3e227a762f62efff14d8d2848cc24759d43a8e09e523b584a6639175ddfb84267542704e62cd5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\bav_updater\skin\stepbar\doing.png

Filesize
768B

MD5
95e73d24ed1f630107ac38219a15f7a9

SHA1
429dbf1e5cf76f7876c180cb64591bda2a5a4a5e

SHA256
e8dc39ec4bc068c01f7d997bf6fd4385ef7e01942e396e1cf91eb8bbc58cdac9

SHA512
d3845455329263c9566ac83cb6ab048d7e66cc2f160f59ec2aa75ba2d7560be734115bcfb4a643df072158d43c43249a145d76a7db9b9ecf6957d59214d63923

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\common\skin\bg\long_blue_bg.png

Filesize
2KB

MD5
8e62cfa33588511d256d9473aa4a3455

SHA1
b6865d9d48c4091e2ce0c9b76093621fa94d14ab

SHA256
ddf61f471111be8e62609d1096841aef9a29d33a897e87a32e1f3a4fccb6c9bf

SHA512
cdefcf6c211be7d2a790607c60e850cca33a0f39d87f0a6da8f543f56f0a82179fa3e32b9a64060f8f9a9730a7aaa5f34ff00ffb3da1907639b968d6e1643efa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\common\skin\icon\av_friend.png

Filesize
20KB

MD5
9a172934c7d2fc57ca26105e79f3f518

SHA1
28ae3105735fbb964cc35067e66889988eb9d9dd

SHA256
c4533a401e354179dacc6df9c25ba9f5c90a2da74b13ef2cb7dd94eb3fa6d8c6

SHA512
60b257c6babb68fb6fcc199cec531af58992da40ca3589530a83ce51720d16ea782341f4c2fc5c0359436fc4530fa083a9a265ebde3fb11bb87f37df3f19f1a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\common\skin\icon\logo_big.png

Filesize
22KB

MD5
0723a1823a1e0beef1af40ca133d4539

SHA1
87c0df5fc072a029c3899416ba4ca276a431b26e

SHA256
b3305f541c8a618dcb9c61543ea2d77782a63113b0568c552ab92c30b6458fbc

SHA512
1f958a4d2a5b88c8073115057a05bdc754d519116d7065dffcf25a0f77085203594dd91d83f6d9821d828f9fee7e3ef81161d0314d5e92b6a907b4a1199c8bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\common\skin\sysbutton\TopBtnSet.png

Filesize
1KB

MD5
a0df3de539dca698bb53ed89f5b5a4c2

SHA1
a2ac34924cd40c2d81984f995ff36e45e6a01ee9

SHA256
42f9915a34d26f6fea741ff41d6692d92a6ac6522f0902af5d9fe94a4af1b71a

SHA512
2302869fda7f18c9f8446df19553281c21df4586df6e36f48e14fcd56dc4f281f48b38d3b418d023e098708bfbdd83eb95fee86ddc8425559aff8dcf7972441a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\plugins\Plugin_Guide\res\skin\scanicon.png

Filesize
1KB

MD5
3e116160ccfaf5dc61e8e78481c9a633

SHA1
a75d50f20b1d1c4733a1a33dfb3393a732b5b704

SHA256
120dd350f5f4b845d5dda2381244c190e6e8053c37ef0c74f7075b3903ab255e

SHA512
ce2dd9c452dff6b84fea1fcb4bab6313b8994f6571b3e658d1d07befc24fae24b54a061d9bde6d25e68e8f542da7891fdb2b552d790b94d09b09e2ed3c557d40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\plugins\Plugin_Pop_OA\res\skin\onaccess\oaIcon.png

Filesize
2KB

MD5
e002ff44847ab29034fc72f32d630fa1

SHA1
f9a4496b464a4b09b572c3643e9389a90fbea2df

SHA256
2ec61b33df640f5ead73a5c28e63164473d4151f473424088b7bf6fe63611e9c

SHA512
667191e6f08258b7262dc721fbc0ae0c2152d648dadc59579a0fc0250d29e0de6e6f878220bdc0211fb615f9dfa7ae7f9704ff9c6fb143d2640ca3debcb6ba48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\plugins\Plugin_Pop_OA\res\skin\onaccess\safe_icon.png

Filesize
3KB

MD5
e65262a322b6419ce055b2f850cb7545

SHA1
90068ee2f426e35ee8ec9306e66eaab7352b7838

SHA256
e0f9633bbdb739fcab011bb54355f1af0e7dcb9d6cd0fb2a9224ff9ca1f99e73

SHA512
46ef210e22c2c2e1dfd65a2e4928b63607f49cdccb7c3887d31456acf58a4a28cab090cf811fdcabb24d41449a2114972986570b1d948bb2a6a13de5b02589ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\plugins\Plugin_USBProtect\res\VirusList\skin\onaccess\icon_ok.png

Filesize
3KB

MD5
8133753d8f08262bbfa4f47fc1fc264e

SHA1
e4e0d950912b9002d0389c908e35840fed6459c2

SHA256
a8cb7050666b9e9be00549ec81e3414571a87f3d5a67acc2553450681ca37af5

SHA512
962a17cfc92412bb615527607e0876a3cd86197f05d5a074fa7aeb7f8979d50b1338bcb9674f92a03352302506e2ce5c11031bdafd2db46b89ea49529e0d6ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\skin_bavui_frame\skin\scan\tree\tree_item_scanning.png

Filesize
2KB

MD5
e97dad6f991f7cbe684695e4b41fad5b

SHA1
3adb97374da8ce95b71c2f541ddf730213f57545

SHA256
682c3dfb47f3f0e5572e87028a77a2912ff7d65264480a1d9ca583f0935fbdd8

SHA512
3694784cdfde65b1c28fcb4306e2c4a622f3745a8e8d4bd71faa661f9693555f5a48009247a02149af4ae879903663881e7a96013bb0111fa58e5b963133f0e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\skin_feedback\skin\combobox_down.png

Filesize
1014B

MD5
b43fcd5a184aa495d3e9aa0abc8c9ce3

SHA1
c15b75578fc54e02349f01ca72fb695a88df4810

SHA256
ec1153d348fc8c822b9b48f0750868ca6629a21d49e5471e261c65b4ce2432cc

SHA512
9ffd33ee66b38ddcdc9c7fc4eb4245f6d446c19553c99a3b62447e22211202374849ceb75bc63d95423940534f88035b813248df0fc0bc0c4eb83be7a396ecc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\skin_feedback\skin\combobox_hover.png

Filesize
1015B

MD5
1c568e51f27f23feb6607cf67910318b

SHA1
dfa3a6e4d39fe816eb47633d5cb4e7e8f914bb24

SHA256
645f20a63ad78c54a47c2c89946e9984be7967b01b1c9f6e321eb4b8d8067fae

SHA512
88e6d8d87cda4658d52a808d21ca5bf56f32dd3073904bdb032775c7a3c98b652167b2b6d2294ce19a204289489977433cd66103bd73a0a8193e948a2085c9fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\skin_investigate\skin\checkox_sel_disale.png

Filesize
1KB

MD5
7f6539e5caf15e417dd29ce9e56f2350

SHA1
2444a11f5bd40e18638049f6bae148adb9c820be

SHA256
17119ea01ca3e5625455bbe98e3ec617019ebf1388833455dc4e2aa4a8ecce6d

SHA512
9c8a79466311bee8df6536fe0cd457fead244b29efa6e7f6a6758cef366bc932546a49cbce1332edceb17cf24839b42b52c4f0f5fe666db0ec0cb1aa41aa1a02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\skin_investigate\skin\checkox_unsel_disale.png

Filesize
1021B

MD5
44d3c8570c9a74722867d412b1e4d7a6

SHA1
3e7292ca397fc48ac3682ca5a9fc17753aa9eb26

SHA256
734b99588b8a489c492b85e61d9e74e1ba93c2985081b00ba897562f34c11537

SHA512
bca552ce512b21541541975e0000f53e2386f881dd376ac85602effcfe5fcb073a6458c81a3d89d3b935896c9c4c7738946da7f936d6d495a7c2885da45f8332

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\skin_investigate\skin\popbaseblueF_op.bmp

Filesize
200KB

MD5
b3fd97a3762979f7802069fc3a24a8d1

SHA1
e4c64331760e0bda54030e4a82474ddc41c56feb

SHA256
f1069c0c7aeb8175de0ccdb005b0246be0cf4696540e95426cbe4e22f95a52f9

SHA512
dd283c1f0d6272efd0951c966bb8a36dc7d83d9a9f0d62f2fe06af82ff07bd6a9a6591bb4d7329b777a1793f91a91770f220353261eab0762af3a5f007508313

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\tools\ieprotect\skin\button\TopBtnDown.png

Filesize
1KB

MD5
aa04e0b0e8acddb18f10a6779ac30ab7

SHA1
c016fdcb225bdeee6870fbb75bde017b7d5aeb6e

SHA256
78e93eff1226f6c0040c009868da6071523bee3d6e799fc6356e9fbee3f8fd54

SHA512
7976f8ae3e79635b4567aafc92ca4ce5a71b47436c315c7d83c055c53e2a190e39aa23173d08641df9f03201d77ed06e58efee6708cb332d59abf031ebb35294

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\tools\ieprotect\skin\button\TopBtnHover.png

Filesize
1KB

MD5
f8c819d7746de02c3e96b8a9dd49b699

SHA1
0130fdf04ab8f049f9e491e4d6c2d7eacfd8f70d

SHA256
fbe5b63368ea6b0b7341aab831726996c874dcab4b686a0dd457ec17079a5b8c

SHA512
ed844a05badba071cd138ef4f7ba7dd58d1222a6d726c3912192c24d6ea4e163fc8586b37d2638176a167b8c5aac4d08eeaa7f05366938791cad75825c6519b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\tools\ieprotect\skin\button\green_disable.png

Filesize
1KB

MD5
2e7995bb4ee3b665d94db1f043dcad07

SHA1
5223c6c905b174f45509eee3d0a5ab115e544782

SHA256
3e9d76e2756e4a14b68e3ec8841fa6ad05e220c65f6938518ab6ec42f3c6d309

SHA512
36b65b2d12800f698a671b54a536e01e7d678445aa8258424a5f23e9d4b8e7574e2e35861f6cf7227326cb0cb0039e83be2b255f6852dcb569fc41843a637b3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\tools\ieprotect\skin\checkbox\checkbox_disable_unknown.png

Filesize
1KB

MD5
f3481e16088d2049a060b51d8f2dfeba

SHA1
b0896895f47eb2055979600aafc251b17c4acfd7

SHA256
3fb66b2f7288063f77749a8347a6c72ea556ae5f538076001596ba59ce056d50

SHA512
5c0142bcddef36c079b06542c33e27319fadaf22ecdc48dff77bd04cdf4794d42f362842f1ae9b09490c8ece5a37be5ed66de008d6d05813cd7e85c1adf1e757

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\tools\ieprotect\skin\checkbox\checkbox_hot_unknown.png

Filesize
1KB

MD5
5624c0d362d2579a787e04ddee22a3ea

SHA1
919da147fa43ad163418d7a9761cf519762a0a44

SHA256
13d1f8386fef6e6c52b58cfab5e8565607d6af9745934c7f4395565ae035c3f7

SHA512
966b6c2d7a1a51a41e81b08c008018ea75ac6efcf82947793953d62ee8161f27961c24f05ad6bc1a8d33eac2f7673627888489f356c7b449a18567fa11ac050c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\tools\ieprotect\skin\checkbox\checkbox_nor_unknown.png

Filesize
1KB

MD5
2828b076c2609f07553ede9d7ec462b9

SHA1
48c7d5f8e363ed665276dd34fab42f40f4d096c9

SHA256
97acfd73625c1e124914559b06c2edb998b9203bb691dcad65ee78814005ef51

SHA512
7d7caba6ff52ff82ce795d03131e96f1931083c8e29288bee8be8e1c0336b4c969396b7e11b2d10b3a921fbab9805fc043c23143b5c2b1170ae4f118a67277b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\tools\ieprotect\skin\checkbox\checkbox_sel_hot.png

Filesize
1KB

MD5
a504c6c2ae8764caaea4df0e4b389442

SHA1
d3162eacf5a8760c6ce3a43cf935cacc0517cff2

SHA256
e55d619ee8861f9f00b74dc564b9b641f5fe3b526b8686e3a21acd75f6b41cd8

SHA512
35ad8518657d9ece57a6820e2462d9f36005571ce7c302bf3ddce351877b7f62227a718f8e19a403c6abc416a47e20a0b905abd4ec8821dc7e38aa77b1ed755b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\tools\ieprotect\skin\checkbox\checkbox_sel_nor.png

Filesize
1KB

MD5
8cec29d58873196d582bc52edfe88bdc

SHA1
6efe4159b4d94c30d5a853b2e2220e26f58dc375

SHA256
4c0dae0dd76ba2e458b36886370a3b71b5e9c55f2cc98f8fd7af94357405db19

SHA512
b855e1af8d06a98cf4853ace403eaae800d0e0a19864d4e786e6f2a66cbb97d67cd1eab99ec675bc34cd0dfe6994770a9b2f44288498555c21a8beed8a5d892f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\tools\ieprotect\skin\checkbox\checkbox_unsel_hot.png

Filesize
1019B

MD5
30f22cf7c5519977d314289235313a69

SHA1
31cc2b78c636088add7c2864817789b6f9af291e

SHA256
53631ff96a6af18acc8759e4918e5d1767ef63cc34862b56bfcab9a931bf78ef

SHA512
b4e5d389bb4905ffb9c2e8c3ae0ab187fbbd9622733bdd62b52bf131534a6a70d21041d95bbbcc13a0507125da57a1424ff10adce9ce6a0203d9b20815149436

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\tools\ieprotect\skin\checkbox\checkbox_unsel_nor.png

Filesize
1021B

MD5
b160e88e8e3c650ee82db193be2829d9

SHA1
c0c290f413de7ab1746c24566bdd805968387ca4

SHA256
6a0ab3343fd7a4d9dbff6fa03dca06c4988aa37428a3ae871ae0971ecd6bc6da

SHA512
f46580f72daf0bdebda7ed014ca6c98d92249c0ac2eb8d1a822451db52b520e5e7ba85b875b3408f05554bffe2444b4c23e54783c4271ce538f7645dfe704d92

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\bav\skin\tools\ieprotect\skin\logo.png

Filesize
1KB

MD5
c60ff58a0686e6b035ba503c844bc8e0

SHA1
ed99821062b34cf816f8747d29257107721a02be

SHA256
ed2b16fe0954b600022145ab6a712f865993067adc29afb4a2ebec4304a2766b

SHA512
b10cf606732d036eef0c334ea563053c4787bfd6b42e38a9f14d20f27c6108abfaa93c7897481315ba9358f958301c5942e18f274473d5d09cfe0ab0856590d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\config.ini

Filesize
15KB

MD5
59f65ad201a479c73fa280b606e6c42d

SHA1
289fc2292d0ba4cf990b58862e9f9e96f528dddf

SHA256
0186d248b4c372a8c22bf016ba5c249156389db038712bd611e0cc08a25d1207

SHA512
50293298cb1679a9d9ed99e6b544bed3d0b1eece175afaab276109196e74e9259c73448d8a604cbaa7d35917e669b2ff502482677ec48195360264daee5c0927

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA7F5.tmp\log.dll

Filesize
100KB

MD5
8d61885bf66cd1a69f4dd5d874fb915f

SHA1
32c886ffb8d30fcc56c6d12b682a98fad4f5a6bc

SHA256
c99fa0bf058de3c526f8cc31b7490c9b2fcd9dd8e93d5b74698e44440e14f464

SHA512
c2ee237e48d697300e95ed26b0259a23309c30aa725de052211ea5b935ea261ba1cb38ae53011d5acc1431b92b29664ceccfe7a1110e7915b17af1acc7d74d08

Download Submit
C:\Users\Public\Documents\Baidu\Common\I18N\conf.db

Filesize
403B

MD5
12e985626dbd76f75a044bc59578c143

SHA1
629711d4499f645b8afda50e0c02735164922de8

SHA256
a72093d792458c96fe077d914b6f6ef70376bc1f696b777632001d72ac6e0c2c

SHA512
000f8f3866c7dd5ba67ca945c086427a7501cefeec023400abdd496553f26299b3a1666f691f08333a0d8f2f0c30b99619c8b94f25ac2954374f03c68b24919e

Download Submit
C:\Windows\System32\drivers\BdSandbox.sys

Filesize
216KB

MD5
5427d02272bb38902ba1d28cf62f3007

SHA1
f8e7c80eb63d0d20e5e5abbc00d3c5ce47df696c

SHA256
8a257dc4dc897722586a5cee2251644c30b22aa327ff9cbaa604c0ac7ddf3b1e

SHA512
e77e6b5aa61222173f121261bc8a9d83f14d61aed8890bf0dac43c760e8cd8726c0249e0636cf6eee48ab8b95dc7a1c1aa58cd0d5e0dbde91f410d07621f426f

Download Submit
C:\Windows\System32\drivers\Bfilter.sys

Filesize
58KB

MD5
7a4e1fc666e36113ef4f4eea4c1bba9b

SHA1
da82af034be8eacc345c204a72502be22a5a3061

SHA256
e0d9032895d74529ac7c43f620f78c6805c28a17b03d8790905748d6116549f0

SHA512
ecefafb65418f640fd4fbf5223d1032026d1987d1391ea963a0bd525f037e1b175da193393a18ba7ab645d9bc0496faf04e03da40170c39022cd6b73a69a5501

Download Submit
C:\Windows\System32\drivers\Bfmon.sys

Filesize
37KB

MD5
01224e7ae4a459d7e7b796fb629cdb5e

SHA1
f1bfd82e0c06bd2d3352d66a3293fee366511f55

SHA256
4107478e0c9b6c81daae04f64120c96dec1c761d4ac605df6c958b159a5140f0

SHA512
d0f518b2fe936cdbdb2a3d264d2242a10ff432249b09bf74c6679d7b483b32c70fbec54b4a32ec715a9245274ba4675a27c799ada44162c8e83afdee854f9c4f

Download Submit
C:\Windows\System32\drivers\Bprotect.sys

Filesize
170KB

MD5
b29d6727262228a28e6d0860a27a9ca6

SHA1
54486b7f89d4a932dab1072a5ecc254c0bb22a48

SHA256
331717450b60f1806bb0414801a8964b09e016c97aa2ab7231abb7e6bc5cc134

SHA512
46568ffd66639f9f9191222b040ac70062fdaba10214f2365170205c6be990c28368bbbad4ec48f8fb790c052daded30c6d5938d5491dc804ce824085e4059d6

Download Submit
C:\Windows\System32\drivers\bnbasex64.sys

Filesize
59KB

MD5
09def9b22ac53052bb627ac94dd5c68c

SHA1
a42440a75ad483428280e052a2102acfaca1028a

SHA256
64a8e2649c9a374217a2eb0322619e1e023f2be602c0488334f1a2c3321a8629

SHA512
9d2a0f00434c7f9eba711b489d5e6151d39054d0c3a9b8be296dcb136c744370ee6212371f561ac9f072d62dee7e8ded7178ff38c1e2ee7545f7b841002bf277

Download Submit
C:\Windows\System32\drivers\bndef64.sys

Filesize
471KB

MD5
73a08aa811b24e7865d42118b49cc322

SHA1
cc7a1a511f946c781478433ef983c1294edca660

SHA256
15e03a73abbf596e8906a61bf64165d90b95a7a43eb2e86396ac833e1f5f1dbb

SHA512
38a528064867d674e295c0fe54ee91353a89f5d0d405ef13739befcc8fc58478d25e077b1cb93a75e864e1c9ee877f162a6f03ac3a63a524df6ba0b5ed8449fd

Download Submit
memory/904-5845-0x0000000073FC0000-0x0000000073FDD000-memory.dmp

Filesize
116KB

Download
memory/4088-5310-0x0000000004D60000-0x0000000004EE6000-memory.dmp

Filesize
1.5MB

Download
memory/4088-5215-0x0000000002310000-0x000000000238D000-memory.dmp

Filesize
500KB

Download
memory/4088-5264-0x0000000003B80000-0x0000000003C90000-memory.dmp

Filesize
1.1MB

Download
memory/4088-5270-0x0000000004C20000-0x0000000004C43000-memory.dmp

Filesize
140KB

Download
memory/4088-5330-0x0000000004FF0000-0x0000000005076000-memory.dmp

Filesize
536KB

Download
memory/4088-5210-0x0000000001610000-0x0000000001638000-memory.dmp

Filesize
160KB

Download
memory/4088-5286-0x0000000004D30000-0x0000000004D53000-memory.dmp

Filesize
140KB

Download
memory/4088-5335-0x0000000005890000-0x00000000058BC000-memory.dmp

Filesize
176KB

Download
memory/4692-5871-0x0000000071AF0000-0x0000000071B9C000-memory.dmp

Filesize
688KB

Download
memory/4692-5369-0x0000000004420000-0x0000000004461000-memory.dmp

Filesize
260KB

Download
memory/4692-5371-0x0000000004880000-0x0000000004906000-memory.dmp

Filesize
536KB

Download
memory/4692-5390-0x0000000005F80000-0x0000000005FA3000-memory.dmp

Filesize
140KB

Download
memory/5820-5913-0x0000000071A80000-0x0000000071AE6000-memory.dmp

Filesize
408KB

Download
memory/5820-6034-0x0000000071A80000-0x0000000071AE6000-memory.dmp

Filesize
408KB

Download
memory/5820-6080-0x0000000071A80000-0x0000000071AE6000-memory.dmp

Filesize
408KB

Download
memory/5820-6100-0x0000000071A80000-0x0000000071AE6000-memory.dmp

Filesize
408KB

Download