Malware Analysis Report

2025-03-15 05:56

Sample ID 240514-l8b3babg93
Target 411db49702608fdeff55f2c7b2f657d1_JaffaCakes118
SHA256 f89b2764302a8dd56912f1fdfaccc6b14ae9be243f62f6cd01f906748fea773d
Tags
vmprotect bootkit discovery persistence
score
7/10

Analysis Overview

score
7/10

SHA256

f89b2764302a8dd56912f1fdfaccc6b14ae9be243f62f6cd01f906748fea773d

Threat Level: Shows suspicious behavior

The file 411db49702608fdeff55f2c7b2f657d1_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

vmprotect bootkit discovery persistence

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

VMProtect packed file

Unexpected DNS network traffic destination

Adds Run key to start application

Enumerates connected drives

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of UnmapMainImage

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-14 10:11

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-14 10:11

Reported

2024-05-14 10:14

Platform

win7-20240419-en

Max time kernel

149s

Max time network

150s

Command Line

C:\Windows\Explorer.EXE

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 180.76.76.76 N/A N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\BaiduClient = "\"C:\\Users\\Admin\\AppData\\Local\\Baidu\\BaiduClient\\2.5.19.2540\\Baidu.exe\" --auto-run" C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}\AppName = "Baidu.exe" C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Baidu\\BaiduClient" C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9} C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9} C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2392 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
PID 2392 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
PID 2392 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
PID 2392 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
PID 2596 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe
PID 2596 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\wrs\BaiduRenderClient.exe
PID 804 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe C:\Windows\Explorer.EXE
PID 2596 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
PID 2596 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 1 --inst-task 12#0

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 1 --inst-task 12#0

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 1 --inst-task 11

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" --inst-task 9#\0.0.0.0\ -p 1

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" --main-frame 0 --search-bar 2 --tray 1 --dock-screen 0 --dock-direction 0 --dock-ptx 0 --dock-pty 0

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe"

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\wrs\BaiduRenderClient.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\wrs\BaiduRenderClient.exe" --dock-direction="" --dock-ptx="" --dock-pty="" --dock-screen="" --humming-dir="C:\Users\Admin\AppData\Roaming\Baidu\Baidu\plugin" --main-frame="" --search-bar="" --service-exe="BaiduRenderClient.exe" --tray="" --xchannel="\\.\pipe\ipc.2596.0.21341" --xtype="service" /prefetch:1

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 3 -r 2596 -c 3 -m 11149735102708 --magic-number 11149735102708

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 2 -r 2596 -c 4 -m 11149735102708 --magic-number 11149735102708

Network


Files

\Users\Admin\AppData\Local\Temp\so\so.dll

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Plugins\extends\xinwen\1.0.0.9\completelist.txt

\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduReport.dll

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Report.dll

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Utils.dll

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\MSVCR100.dll

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\MSVCP100.dll

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Base.dll

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\bdlog.dll

\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\CommonWorker.dll

\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\uninst.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度\百度.lnk

C:\Users\Admin\AppData\Roaming\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml

C:\Users\Admin\AppData\Roaming\Baidu\Baidu\pb\100.pb

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-14 10:11

Reported

2024-05-14 10:14

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

C:\Windows\Explorer.EXE

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 180.76.76.76 N/A N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BaiduClient = "\"C:\\Users\\Admin\\AppData\\Local\\Baidu\\BaiduClient\\2.5.19.2540\\Baidu.exe\" --auto-run" C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9} C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}\AppName = "Baidu.exe" C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Baidu\\BaiduClient" C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5112 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
PID 5112 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
PID 5112 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
PID 5112 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
PID 4624 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\wrs\BaiduRenderClient.exe
PID 4624 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe
PID 4608 wrote to memory of 3508 N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe C:\Windows\Explorer.EXE
PID 4624 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
PID 4624 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 1 --inst-task 12#0

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 1 --inst-task 12#0

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 1 --inst-task 11

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" --inst-task 9#\0.0.0.0\ -p 1

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" --main-frame 0 --search-bar 2 --tray 1 --dock-screen 0 --dock-direction 0 --dock-ptx 0 --dock-pty 0

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\wrs\BaiduRenderClient.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\wrs\BaiduRenderClient.exe" --dock-direction="" --dock-ptx="" --dock-pty="" --dock-screen="" --humming-dir="C:\Users\Admin\AppData\Roaming\Baidu\Baidu\plugin" --main-frame="" --search-bar="" --service-exe="BaiduRenderClient.exe" --tray="" --xchannel="\\.\pipe\ipc.4624.0.21344" --xtype="service" /prefetch:1

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe"

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 3 -r 4624 -c 3 -m 19859928780852 --magic-number 19859928780852

C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe

"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 2 -r 4624 -c 4 -m 19859928780852 --magic-number 19859928780852

Network

Country Destination Domain Proto

Files
