Analysis Overview
SHA256
f89b2764302a8dd56912f1fdfaccc6b14ae9be243f62f6cd01f906748fea773d
Threat Level: Shows suspicious behavior
The file 411db49702608fdeff55f2c7b2f657d1_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
VMProtect packed file
Unexpected DNS network traffic destination
Adds Run key to start application
Enumerates connected drives
Checks installed software on the system
Writes to the Master Boot Record (MBR)
Enumerates physical storage devices
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-14 10:11
Signatures
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-14 10:11
Reported
2024-05-14 10:14
Platform
win7-20240419-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\BaiduClient = "\"C:\\Users\\Admin\\AppData\\Local\\Baidu\\BaiduClient\\2.5.19.2540\\Baidu.exe\" --auto-run" | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}\AppName = "Baidu.exe" | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Baidu\\BaiduClient" | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9} | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9} | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 1 --inst-task 12#0
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 1 --inst-task 12#0
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 1 --inst-task 11
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" --inst-task 9#\0.0.0.0\ -p 1
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" --main-frame 0 --search-bar 2 --tray 1 --dock-screen 0 --dock-direction 0 --dock-ptx 0 --dock-pty 0
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe"
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\wrs\BaiduRenderClient.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\wrs\BaiduRenderClient.exe" --dock-direction="" --dock-ptx="" --dock-pty="" --dock-screen="" --humming-dir="C:\Users\Admin\AppData\Roaming\Baidu\Baidu\plugin" --main-frame="" --search-bar="" --service-exe="BaiduRenderClient.exe" --tray="" --xchannel="\\.\pipe\ipc.2596.0.21341" --xtype="service" /prefetch:1
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 3 -r 2596 -c 3 -m 11149735102708 --magic-number 11149735102708
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 2 -r 2596 -c 4 -m 11149735102708 --magic-number 11149735102708
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | up.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | passport.baidu.com | udp |
| US | 8.8.8.8:53 | sys.webapi.br.baidu.com | udp |
| US | 8.8.8.8:53 | passport.baidu.com | udp |
| HK | 180.76.76.76:53 | sys.webapi.br.baidu.com | udp |
| HK | 103.235.46.9:443 | passport.baidu.com | tcp |
| HK | 103.235.46.9:443 | passport.baidu.com | tcp |
| US | 8.8.8.8:53 | location.br.baidu.com | udp |
| CN | 61.135.186.93:80 | location.br.baidu.com | tcp |
| US | 8.8.8.8:53 | cfg.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | rc.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | dtrp.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | res2.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | res3.download.iyuntian.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | tk.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | utk.download.iyuntian.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| N/A | 127.0.0.1:49737 | tcp | |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | msc.br.baidu.com | udp |
| HK | 180.76.76.76:53 | msc.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | msc.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | msc.br.baidu.com | udp |
| HK | 180.76.76.76:53 | msc.br.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
Files
memory/2392-0-0x0000000000E60000-0x00000000022F1000-memory.dmp
memory/2392-1-0x0000000077580000-0x0000000077581000-memory.dmp
memory/2392-7-0x0000000076F60000-0x0000000076F61000-memory.dmp
memory/2392-3-0x0000000077580000-0x0000000077581000-memory.dmp
memory/2392-10-0x0000000000E60000-0x00000000022F1000-memory.dmp
\Users\Admin\AppData\Local\Temp\so\so.dll
| MD5 | c88736af43349b810275604d9a310663 |
| SHA1 | 92fd72667922080623fde346340f325130804474 |
| SHA256 | 1dd5ab5ed7713cf61c8bda085546fd06366ce3677d87c13c42bb6c507d55a33f |
| SHA512 | 9db791b9e8df451aaf5a6b147d1e53221dc7c2fe489465d62bc61ecb57e6a370fc859c207f66fca51309418a44f0adefe6c8cb772762fab0b9c19ae72384caae |
memory/2392-18-0x0000000077580000-0x0000000077581000-memory.dmp
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Plugins\extends\xinwen\1.0.0.9\completelist.txt
| MD5 | 769f4df16039bc76cee3f45ccb2a4c8d |
| SHA1 | 4d2e9f92ad40b5648193506eafaf7ecdd23a3264 |
| SHA256 | 13084a91a61cbd941dc3acfddf98cef4db00be925deda7f17b7840872ef47c99 |
| SHA512 | 113aa3ed73813c451f07b75b09232dc76b42fe49b9e32345eef528211b8bb2b6ba8671028b65dd5f43978dd595afe75c3341ac0a9e6899d8c34714fba382d920 |
\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
| MD5 | a9d9e64ce71346e895041d2d3f85470b |
| SHA1 | a364c60250e20689919c5af166b8da4965542a47 |
| SHA256 | 68d63e347823e85d7221b2245dec8d4b1a59782a86c2e17793336e5a7816b9f9 |
| SHA512 | 7f15b40c9e3d355cfe57e980966af26b0b8892b55699ec722b1a17384f6a8270f10026be56fbcbb86d8228f47febaa7b58470a57c64fa2a818063c671e101701 |
\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduReport.dll
| MD5 | 13d6338b22cd158a12d4e546d55363fb |
| SHA1 | a97429238dd2c1390c1e352aec9a78913df0ac91 |
| SHA256 | 5612d598cc63c2f07fa1f7e3ef681ee54b9b029af5a1641daf3c079890de6c32 |
| SHA512 | dbd54a694e0ffc7425abd7c8e9410418338d58f990dd99a289f3bfcac237c1a205e137760d65de59681bd5dc3425f3311a471a9e7dd719dbc41384d235dd8b79 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Report.dll
| MD5 | 2749718cf4ad28bf33f9596b298ddbec |
| SHA1 | f24443b211be83e192c6eb39ef47b422d1f715de |
| SHA256 | 8c1a33aad4d8c070a48f1fb620f8404ccd08aeb304551af3090142645b6e7f16 |
| SHA512 | e59b643c03fecc2bad8e94baa35787aef3688b12b0b9f8b01cec6c6238125eebd0d77c243c53fdd74a4561322bdbcdbb763bc8cc766d0fc9b79b97833df57671 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Utils.dll
| MD5 | 2276b44148aaa11660ae6fce407c1231 |
| SHA1 | f96a8183720748ffb1eb230b1d3e6e7370919a8e |
| SHA256 | 74d494caddb9d2b6be03d0d071df1b473783c3c335c998e03da7e3c5739d1412 |
| SHA512 | d328d0186c11fb67fd692e72416dfb735616ce5c473c300c5a66cf88c3ad3e03aa8ad409ae9398492361995eb1190fc4c2b04888de1d9f46cf840b20ee79a030 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\MSVCR100.dll
| MD5 | 0e37fbfa79d349d672456923ec5fbbe3 |
| SHA1 | 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335 |
| SHA256 | 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18 |
| SHA512 | 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\MSVCP100.dll
| MD5 | bc83108b18756547013ed443b8cdb31b |
| SHA1 | 79bcaad3714433e01c7f153b05b781f8d7cb318d |
| SHA256 | b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671 |
| SHA512 | 6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Base.dll
| MD5 | c4dbf079a91dc0e918e9935d508937df |
| SHA1 | ca6320080249bee1a628c337088313e4baff4bc6 |
| SHA256 | bca180f830fef33de23a96ce0d50c2a2c64c0940c27da16c6fc52f611f4ed2d5 |
| SHA512 | f7013bb98b72b067f75ff74f7d596162a15449f0596fea9870348cd92ed4c89eaa8f282cbc7584e993874b5fd2b28e5315e1a09c22b8b7d830899514e60370e2 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\bdlog.dll
| MD5 | 56d1d9be11aec8560139c779f353155c |
| SHA1 | b28a2b5b348fb49cd3222e6a804ab934d293bcf2 |
| SHA256 | cba98b57e8c9b5d9f34b68b2b9433187705c3ef65b11b0f20373ce5e05859c96 |
| SHA512 | 33f65c8af6937cc680e95d3f638d6fd861ce4aedb3595c9cc16afdd072e63a36b9b6ee28aed033e5779679d2c73c943b81759abb96a6a31e5d823c9dbd27f247 |
\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\CommonWorker.dll
| MD5 | 72aaeba54b8e78c78862a9b321912d6e |
| SHA1 | f788d9412a6697e1ed2df400ba1a9caeec02cf0f |
| SHA256 | 3e94838a9bb3b5bd1500ff6dc558c7af5dc534db0b544f1232cd6b08b9af4432 |
| SHA512 | bcc968e89f17a8776d06c125d2dfc68f5fb7237857d745ba3df4afebac67aa255d8b32afb0c5e66b2ac1fce616aa09cbdd77c7cc9703aa0fec03d406cca305b3 |
memory/2456-428-0x0000000076E73000-0x0000000076E74000-memory.dmp
memory/2624-466-0x0000000076E60000-0x0000000076EA7000-memory.dmp
memory/2440-471-0x0000000076040000-0x0000000076075000-memory.dmp
\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\uninst.exe
| MD5 | 5bba771049a908635b1d2bfe4a7fce75 |
| SHA1 | 9798a1b4bcea639ed40f3f518305f9a5277e1590 |
| SHA256 | e62e8290f963a95e6464817a4f82c9f323d54f25eda2aba175421d4707a10609 |
| SHA512 | 66f77dc6cbc7ecf993f16aa5ab0b339d707ca4234d580ef9de4b0df3de5c2e6ef7f3fa1e48e81fbdba23938f1f7adfd7cc8dd9765beb9eafb9f6dd97f4209f6d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度\百度.lnk
| MD5 | 2c9675dda7338f96f522f64a9a7ee4bf |
| SHA1 | bef9884dde52b96b7070bc53c18d4e3eb5f14e37 |
| SHA256 | f7585905e423893bb687c02db1cd8f9b9109f1bf2a38f569dfa3a8699835fcca |
| SHA512 | b5b17760ada1a30692671b34f23640df25b0740abd3e9ad6314ddb83f19119e69b83af54be7640fb27dbbef76201fef2ea739ed703fdead43e062c414fbbde75 |
memory/2624-467-0x0000000076040000-0x0000000076075000-memory.dmp
memory/2440-468-0x0000000076E60000-0x0000000076EA7000-memory.dmp
memory/2456-500-0x0000000076040000-0x0000000076075000-memory.dmp
memory/2456-499-0x0000000076E60000-0x0000000076EA7000-memory.dmp
memory/2456-427-0x000000007740F000-0x0000000077410000-memory.dmp
memory/2456-408-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/2456-407-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/2612-507-0x0000000076040000-0x0000000076075000-memory.dmp
memory/2612-506-0x0000000076E60000-0x0000000076EA7000-memory.dmp
memory/2392-508-0x00000000005E0000-0x00000000005E2000-memory.dmp
memory/2596-511-0x0000000003480000-0x00000000034C9000-memory.dmp
memory/2596-513-0x0000000004AB0000-0x0000000004B55000-memory.dmp
memory/2596-515-0x0000000004B60000-0x0000000004BD2000-memory.dmp
memory/2596-517-0x0000000003800000-0x0000000003814000-memory.dmp
memory/2940-518-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/2940-521-0x00000000002D0000-0x000000000034D000-memory.dmp
memory/1192-520-0x0000000002F20000-0x0000000002F21000-memory.dmp
memory/2940-525-0x00000000009F0000-0x0000000000A62000-memory.dmp
memory/2940-523-0x0000000000460000-0x0000000000505000-memory.dmp
memory/2940-528-0x0000000000580000-0x0000000000594000-memory.dmp
memory/2940-529-0x0000000000AC0000-0x0000000000AF5000-memory.dmp
memory/2940-537-0x0000000001090000-0x000000000112F000-memory.dmp
memory/2596-542-0x0000000003C50000-0x0000000003C63000-memory.dmp
memory/2392-555-0x0000000000E60000-0x00000000022F1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml
| MD5 | 000b392933bd388a6682b30b487eb1f9 |
| SHA1 | e6870581169353b696b17ca41a4447a6af120c89 |
| SHA256 | 9a68bd00a2dcf2b05d9ab3700c3bcaa89efb28747ed77bc8a61b6ad6cce7a08a |
| SHA512 | cfe2a08d5c35bff99cfd471e84cbe14eaabaa0cb61863f5f46ba11cb6dd1c92483d45c5627d34c1b61a3ff6ba24cfaaab982cc2588a77fe11a8b3e1f79f82034 |
memory/1616-570-0x0000000076E60000-0x0000000076EA7000-memory.dmp
memory/2392-571-0x0000000000E60000-0x00000000022F1000-memory.dmp
memory/2596-573-0x0000000076E60000-0x0000000076EA7000-memory.dmp
memory/2596-574-0x0000000076040000-0x0000000076075000-memory.dmp
memory/688-576-0x0000000076E60000-0x0000000076EA7000-memory.dmp
memory/688-577-0x0000000076040000-0x0000000076075000-memory.dmp
C:\Users\Admin\AppData\Roaming\Baidu\Baidu\pb\100.pb
| MD5 | 0a046fc4ac62ca3278450db3c4d14330 |
| SHA1 | 8d4cec6518773caab72c4ff79d138b62ea6c1337 |
| SHA256 | 02fe395561c74e117eedd1ac5f9c5d9d2be407affde144421199623ac83da6b7 |
| SHA512 | 0dd7829970f5406b5466017359eff58e70dd33f36092e9073ae68f2d4543cf2494dad39012705841286cbab6dcd9f84c603582e97dfaaea416e756741d419ba0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-14 10:11
Reported
2024-05-14 10:14
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
| Destination IP | 180.76.76.76 | N/A | N/A |
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BaiduClient = "\"C:\\Users\\Admin\\AppData\\Local\\Baidu\\BaiduClient\\2.5.19.2540\\Baidu.exe\" --auto-run" | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9} | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}\AppName = "Baidu.exe" | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Baidu\\BaiduClient" | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\411db49702608fdeff55f2c7b2f657d1_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 1 --inst-task 12#0
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 1 --inst-task 12#0
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 1 --inst-task 11
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" --inst-task 9#\0.0.0.0\ -p 1
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" --main-frame 0 --search-bar 2 --tray 1 --dock-screen 0 --dock-direction 0 --dock-ptx 0 --dock-pty 0
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\wrs\BaiduRenderClient.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\wrs\BaiduRenderClient.exe" --dock-direction="" --dock-ptx="" --dock-pty="" --dock-screen="" --humming-dir="C:\Users\Admin\AppData\Roaming\Baidu\Baidu\plugin" --main-frame="" --search-bar="" --service-exe="BaiduRenderClient.exe" --tray="" --xchannel="\\.\pipe\ipc.4624.0.21344" --xtype="service" /prefetch:1
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BDDockerX64.exe"
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 3 -r 4624 -c 3 -m 19859928780852 --magic-number 19859928780852
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
"C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe" -p 2 -r 4624 -c 4 -m 19859928780852 --magic-number 19859928780852
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | up.mb.baidu.com | udp |
| US | 8.8.8.8:53 | 83.177.190.20.in-addr.arpa | udp |
| NL | 23.62.61.177:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | passport.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | sys.webapi.br.baidu.com | udp |
| HK | 103.235.46.9:443 | passport.baidu.com | tcp |
| HK | 103.235.46.9:443 | passport.baidu.com | tcp |
| US | 8.8.8.8:53 | location.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| CN | 61.135.186.93:80 | location.br.baidu.com | tcp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | 76.76.76.180.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.46.235.103.in-addr.arpa | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | rc.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | cfg.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | dtrp.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | res2.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | res3.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | tk.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | utk.download.iyuntian.com | udp |
| N/A | 127.0.0.1:62922 | tcp | |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | msc.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | msc.br.baidu.com | udp |
| HK | 180.76.76.76:53 | msc.br.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | msc.br.baidu.com | udp |
| HK | 180.76.76.76:53 | msc.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dtrp.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | msc.br.baidu.com | udp |
| HK | 180.76.76.76:53 | msc.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | msc.br.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | 142.53.16.96.in-addr.arpa | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | msc.br.baidu.com | udp |
| HK | 180.76.76.76:53 | msc.br.baidu.com | udp |
| HK | 180.76.76.76:53 | msc.br.baidu.com | udp |
| US | 8.8.8.8:53 | dtrp.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dtrp.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| CN | 114.114.114.114:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | 114.114.114.114.in-addr.arpa | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dtrp.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dtrp.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dtrp.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dtrp.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dtrp.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dtrp.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | dtrp.download.iyuntian.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | scloud-dlsw.br.baidu.com | udp |
| US | 8.8.8.8:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| US | 8.8.8.8:53 | p2s.download.baidu.com | udp |
| US | 8.8.8.8:53 | dr.mb.baidu.com | udp |
| US | 8.8.8.8:53 | scloud-dlsw.br.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | hb.mb.baidu.com | udp |
| HK | 180.76.76.76:53 | dr.mb.baidu.com | udp |
Files
memory/5112-0-0x0000000000270000-0x0000000001701000-memory.dmp
memory/5112-1-0x0000000000270000-0x0000000001701000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\so\so.dll
| MD5 | c88736af43349b810275604d9a310663 |
| SHA1 | 92fd72667922080623fde346340f325130804474 |
| SHA256 | 1dd5ab5ed7713cf61c8bda085546fd06366ce3677d87c13c42bb6c507d55a33f |
| SHA512 | 9db791b9e8df451aaf5a6b147d1e53221dc7c2fe489465d62bc61ecb57e6a370fc859c207f66fca51309418a44f0adefe6c8cb772762fab0b9c19ae72384caae |
memory/5112-11-0x0000000077E30000-0x0000000077E31000-memory.dmp
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\defaultDB\Software.pb
| MD5 | 2177313f4585bd19d8a8036b0df05f00 |
| SHA1 | 7b763d97faabc283a9edd64b151cc22707b93f8a |
| SHA256 | fea0e27b1aaead498ae1651517f14982783bcdcd764416588ff21ffea2f9ec5f |
| SHA512 | fb2386b45ee23a5c44075a7187de349da6a95b461ba9366ba2d7a755bbd6932b7bcf524c6f8609826707b3018b62ab8764663cc5a49afb9902b9c3aac0f55ae8 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Plugins\extends\weixin\1.0.0.8\completelist.txt
| MD5 | 769f4df16039bc76cee3f45ccb2a4c8d |
| SHA1 | 4d2e9f92ad40b5648193506eafaf7ecdd23a3264 |
| SHA256 | 13084a91a61cbd941dc3acfddf98cef4db00be925deda7f17b7840872ef47c99 |
| SHA512 | 113aa3ed73813c451f07b75b09232dc76b42fe49b9e32345eef528211b8bb2b6ba8671028b65dd5f43978dd595afe75c3341ac0a9e6899d8c34714fba382d920 |
memory/5112-393-0x0000000077100000-0x0000000077101000-memory.dmp
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Baidu.exe
| MD5 | a9d9e64ce71346e895041d2d3f85470b |
| SHA1 | a364c60250e20689919c5af166b8da4965542a47 |
| SHA256 | 68d63e347823e85d7221b2245dec8d4b1a59782a86c2e17793336e5a7816b9f9 |
| SHA512 | 7f15b40c9e3d355cfe57e980966af26b0b8892b55699ec722b1a17384f6a8270f10026be56fbcbb86d8228f47febaa7b58470a57c64fa2a818063c671e101701 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduReport.dll
| MD5 | 13d6338b22cd158a12d4e546d55363fb |
| SHA1 | a97429238dd2c1390c1e352aec9a78913df0ac91 |
| SHA256 | 5612d598cc63c2f07fa1f7e3ef681ee54b9b029af5a1641daf3c079890de6c32 |
| SHA512 | dbd54a694e0ffc7425abd7c8e9410418338d58f990dd99a289f3bfcac237c1a205e137760d65de59681bd5dc3425f3311a471a9e7dd719dbc41384d235dd8b79 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\msvcr100.dll
| MD5 | 0e37fbfa79d349d672456923ec5fbbe3 |
| SHA1 | 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335 |
| SHA256 | 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18 |
| SHA512 | 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Report.dll
| MD5 | 2749718cf4ad28bf33f9596b298ddbec |
| SHA1 | f24443b211be83e192c6eb39ef47b422d1f715de |
| SHA256 | 8c1a33aad4d8c070a48f1fb620f8404ccd08aeb304551af3090142645b6e7f16 |
| SHA512 | e59b643c03fecc2bad8e94baa35787aef3688b12b0b9f8b01cec6c6238125eebd0d77c243c53fdd74a4561322bdbcdbb763bc8cc766d0fc9b79b97833df57671 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Base.dll
| MD5 | c4dbf079a91dc0e918e9935d508937df |
| SHA1 | ca6320080249bee1a628c337088313e4baff4bc6 |
| SHA256 | bca180f830fef33de23a96ce0d50c2a2c64c0940c27da16c6fc52f611f4ed2d5 |
| SHA512 | f7013bb98b72b067f75ff74f7d596162a15449f0596fea9870348cd92ed4c89eaa8f282cbc7584e993874b5fd2b28e5315e1a09c22b8b7d830899514e60370e2 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\bdlog.dll
| MD5 | 56d1d9be11aec8560139c779f353155c |
| SHA1 | b28a2b5b348fb49cd3222e6a804ab934d293bcf2 |
| SHA256 | cba98b57e8c9b5d9f34b68b2b9433187705c3ef65b11b0f20373ce5e05859c96 |
| SHA512 | 33f65c8af6937cc680e95d3f638d6fd861ce4aedb3595c9cc16afdd072e63a36b9b6ee28aed033e5779679d2c73c943b81759abb96a6a31e5d823c9dbd27f247 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\Utils.dll
| MD5 | 2276b44148aaa11660ae6fce407c1231 |
| SHA1 | f96a8183720748ffb1eb230b1d3e6e7370919a8e |
| SHA256 | 74d494caddb9d2b6be03d0d071df1b473783c3c335c998e03da7e3c5739d1412 |
| SHA512 | d328d0186c11fb67fd692e72416dfb735616ce5c473c300c5a66cf88c3ad3e03aa8ad409ae9398492361995eb1190fc4c2b04888de1d9f46cf840b20ee79a030 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\msvcp100.dll
| MD5 | bc83108b18756547013ed443b8cdb31b |
| SHA1 | 79bcaad3714433e01c7f153b05b781f8d7cb318d |
| SHA256 | b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671 |
| SHA512 | 6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011 |
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\CommonWorker.dll
| MD5 | 72aaeba54b8e78c78862a9b321912d6e |
| SHA1 | f788d9412a6697e1ed2df400ba1a9caeec02cf0f |
| SHA256 | 3e94838a9bb3b5bd1500ff6dc558c7af5dc534db0b544f1232cd6b08b9af4432 |
| SHA512 | bcc968e89f17a8776d06c125d2dfc68f5fb7237857d745ba3df4afebac67aa255d8b32afb0c5e66b2ac1fce616aa09cbdd77c7cc9703aa0fec03d406cca305b3 |
memory/3276-454-0x0000000075E10000-0x0000000075E73000-memory.dmp
memory/3276-453-0x0000000076810000-0x0000000076A25000-memory.dmp
memory/3152-478-0x0000000075E10000-0x0000000075E73000-memory.dmp
memory/3152-477-0x0000000076810000-0x0000000076A25000-memory.dmp
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\BaiduService.exe
| MD5 | 69085c9633b6be368ca67371833297e3 |
| SHA1 | c94fe3c9e23d71287bf286b152d67fe6c4e96afb |
| SHA256 | ae8fc01610809b9430957e1c027613545dd42e68d8de42f2651119620b1b8c23 |
| SHA512 | df637062d46a1ab45d13a856330b19e6d3d3f66ada9fd95f239683c0aef9f3ef8ca89dc48f3f630fd1258e637f268c98d6794136c2d87ffc0ff7deca8e36c852 |
memory/3276-423-0x0000000077CF2000-0x0000000077CF3000-memory.dmp
memory/3276-420-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/3276-419-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/2892-482-0x0000000076810000-0x0000000076A25000-memory.dmp
memory/2892-483-0x0000000075E10000-0x0000000075E73000-memory.dmp
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\uninst.exe
| MD5 | 5bba771049a908635b1d2bfe4a7fce75 |
| SHA1 | 9798a1b4bcea639ed40f3f518305f9a5277e1590 |
| SHA256 | e62e8290f963a95e6464817a4f82c9f323d54f25eda2aba175421d4707a10609 |
| SHA512 | 66f77dc6cbc7ecf993f16aa5ab0b339d707ca4234d580ef9de4b0df3de5c2e6ef7f3fa1e48e81fbdba23938f1f7adfd7cc8dd9765beb9eafb9f6dd97f4209f6d |
memory/2392-493-0x0000000075E10000-0x0000000075E73000-memory.dmp
memory/2392-492-0x0000000076810000-0x0000000076A25000-memory.dmp
memory/5112-494-0x00000000053C0000-0x000000000543E000-memory.dmp
C:\Users\Admin\AppData\Local\Baidu\BaiduClient\2.5.19.2540\MainUI.dll
| MD5 | fba7235ff58d1b40748ec9cfb2e90eeb |
| SHA1 | b5908d793a1838d9d65ab0aee413c9611334cee7 |
| SHA256 | 3d230cab8bc754a966497149ba2645cbfe6c3133ffc2156e52a044b07576bcee |
| SHA512 | 8748061f3619891378f910e6a27fa156347aa8beeec2f8dfc9fa14c013cee85a497d5ccba4d39199c1e22daeed0c4e239a77b0c68209edb047e92ab26286c3bd |
memory/4624-506-0x00000000057D0000-0x0000000005819000-memory.dmp
memory/4624-508-0x0000000005F40000-0x0000000005F54000-memory.dmp
memory/1492-510-0x000000006FFF0000-0x0000000070000000-memory.dmp
memory/1492-516-0x00000000031B0000-0x0000000003222000-memory.dmp
memory/1492-514-0x00000000030E0000-0x0000000003185000-memory.dmp
memory/1492-512-0x0000000003060000-0x00000000030DD000-memory.dmp
memory/1492-519-0x0000000003730000-0x0000000003744000-memory.dmp
memory/1492-528-0x0000000003890000-0x00000000038C5000-memory.dmp
memory/1492-531-0x0000000003C20000-0x0000000003CBF000-memory.dmp
memory/4624-536-0x0000000003050000-0x0000000003063000-memory.dmp
C:\Users\Admin\AppData\Roaming\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml
| MD5 | 000b392933bd388a6682b30b487eb1f9 |
| SHA1 | e6870581169353b696b17ca41a4447a6af120c89 |
| SHA256 | 9a68bd00a2dcf2b05d9ab3700c3bcaa89efb28747ed77bc8a61b6ad6cce7a08a |
| SHA512 | cfe2a08d5c35bff99cfd471e84cbe14eaabaa0cb61863f5f46ba11cb6dd1c92483d45c5627d34c1b61a3ff6ba24cfaaab982cc2588a77fe11a8b3e1f79f82034 |
memory/3420-561-0x0000000076810000-0x0000000076A25000-memory.dmp
memory/5112-562-0x00000000053C0000-0x000000000543E000-memory.dmp
memory/5112-563-0x0000000000270000-0x0000000001701000-memory.dmp
memory/4624-565-0x0000000076810000-0x0000000076A25000-memory.dmp
memory/4624-566-0x0000000075E10000-0x0000000075E73000-memory.dmp
memory/4996-568-0x0000000076810000-0x0000000076A25000-memory.dmp
memory/4996-569-0x0000000075E10000-0x0000000075E73000-memory.dmp
memory/3420-571-0x0000000076810000-0x0000000076A25000-memory.dmp
memory/5004-574-0x0000000075E10000-0x0000000075E73000-memory.dmp
memory/5004-573-0x0000000076810000-0x0000000076A25000-memory.dmp
C:\Users\Admin\AppData\Roaming\Baidu\Baidu\pb\100.pb
| MD5 | 0a046fc4ac62ca3278450db3c4d14330 |
| SHA1 | 8d4cec6518773caab72c4ff79d138b62ea6c1337 |
| SHA256 | 02fe395561c74e117eedd1ac5f9c5d9d2be407affde144421199623ac83da6b7 |
| SHA512 | 0dd7829970f5406b5466017359eff58e70dd33f36092e9073ae68f2d4543cf2494dad39012705841286cbab6dcd9f84c603582e97dfaaea416e756741d419ba0 |