036b971c031f1a90ddbf4e298d3f6491259bd1594fb9d9cc7f0025a8c68bc112

Analysis

max time kernel
130s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe
Size

2.3MB
MD5

6926861abc5e60e35309e6bd1f40ddd2
SHA1

68d78e10ce0d92f943725f4a20cde30336551765
SHA256

036b971c031f1a90ddbf4e298d3f6491259bd1594fb9d9cc7f0025a8c68bc112
SHA512

a3cf7bdcefaa2e2b4da50b3ebd5f35db2c6704d5f6a3d7bcb912cf90b014c42534ec0b97fb766c1b5ceb73d0228e0dbb51cac92e0ad28f60cb8ae0d5dce93db9
SSDEEP

49152:0uuE7AnqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFWd:eE7AqrlyutLxC3sEwwMd

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

minidownload.exeSogouSoftware.exeExternalApp.exe

pid process

2780 minidownload.exe
2748 SogouSoftware.exe
912 ExternalApp.exe

pid	process
2780	minidownload.exe
2748	SogouSoftware.exe
912	ExternalApp.exe

Loads dropped DLL 16 IoCs

Processes:

6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exeminidownload.exeSogouSoftware.exeExternalApp.exe

pid	process
2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe
2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe
2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe
2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe
2780	minidownload.exe
2780	minidownload.exe
2780	minidownload.exe
2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe
2748	SogouSoftware.exe
2748	SogouSoftware.exe
2748	SogouSoftware.exe
2748	SogouSoftware.exe
2748	SogouSoftware.exe
912	ExternalApp.exe
912	ExternalApp.exe
912	ExternalApp.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exeSogouSoftware.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe
File opened for modification	\??\PhysicalDrive0	SogouSoftware.exe

Drops file in Program Files directory 64 IoCs

Processes:

ExternalApp.exeminidownload.exe

description	ioc	process
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\scroll_bk.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\left_btn_mask.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\refresh_hov2.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\tooltip.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\soft_update_left_more.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\driver\Media.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\driver\Printer4848.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\crash\ExceptionReport.exe	minidownload.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\.svn\text-base\driver_restore_page.xml.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\hwinfo.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\all-wcprops	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\9+.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\download\download\.svn\text-base\MiniTPFw.exe.svn-base	minidownload.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\7.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\soft_update_left_more.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\ApkTool\.svn\text-base\SogouAapt.exe.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\dlgClose_nor.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\scroll_trs.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\driver\.svn\prop-base\dash_line.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\web_external_browser_dlg.xml	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\.svn\text-base\essential_list_dlg.xml.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\info.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\refresh_hov2.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\scroll_thu.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\recommend_hov.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\setting_dwn.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\ËÑË÷É¾³ý.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\close_dwn.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\Ñ¡ÖÐÌ¬.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\nav_btn_bg.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\driver\.svn\prop-base\Printer4848.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\dlg_feedback.xml	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\driver_restore_list_item.xml	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\2.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\logo4848default.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\ËÑË÷É¾³ý.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\driver\button.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\driver\.svn\text-base\check_checked_disable.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\confirm_dlg.xml	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\search_delete.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\update_info.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\white.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\android_ver.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\download\download\.svn\prop-base\atl71.dll.svn-base	minidownload.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\.svn\text-base\group_list_item.xml.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\feedback_dwn.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\report_bug.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\4.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\driver\check_checked_disable.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\driver\.svn\prop-base\CPU.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\ApkTool\.svn\prop-base\aapt.exe.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\classify_btn_pushed.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\magnifier_search.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\refresh_hov.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\driver\.svn\prop-base\Printer.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\download\download\msvcr71.dll	minidownload.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\.svn\text-base\driver_scan_page.xml.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\download_bind_checkbox.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\GIF\.svn\format	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\scroll_trs.png	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\combo_right.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\text-base\logo3434.png.svn-base	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\tooltips_dlg.xml	ExternalApp.exe
File created	C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\prop-base\progress_fore.png.svn-base	ExternalApp.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\minidownload.exe	nsis_installer_1
\Users\Admin\AppData\Local\Temp\minidownload.exe	nsis_installer_2
C:\Program Files (x86)\SogouSoftware\tmp\ExternalApp.exe	nsis_installer_1
C:\Program Files (x86)\SogouSoftware\tmp\ExternalApp.exe	nsis_installer_2

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exeSogouSoftware.exe

description	pid	process	target process
PID 2172 wrote to memory of 2780	2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe	minidownload.exe
PID 2172 wrote to memory of 2780	2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe	minidownload.exe
PID 2172 wrote to memory of 2780	2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe	minidownload.exe
PID 2172 wrote to memory of 2780	2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe	minidownload.exe
PID 2172 wrote to memory of 2780	2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe	minidownload.exe
PID 2172 wrote to memory of 2780	2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe	minidownload.exe
PID 2172 wrote to memory of 2780	2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe	minidownload.exe
PID 2172 wrote to memory of 2748	2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe	SogouSoftware.exe
PID 2172 wrote to memory of 2748	2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe	SogouSoftware.exe
PID 2172 wrote to memory of 2748	2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe	SogouSoftware.exe
PID 2172 wrote to memory of 2748	2172	6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe	SogouSoftware.exe
PID 2748 wrote to memory of 912	2748	SogouSoftware.exe	ExternalApp.exe
PID 2748 wrote to memory of 912	2748	SogouSoftware.exe	ExternalApp.exe
PID 2748 wrote to memory of 912	2748	SogouSoftware.exe	ExternalApp.exe
PID 2748 wrote to memory of 912	2748	SogouSoftware.exe	ExternalApp.exe
PID 2748 wrote to memory of 912	2748	SogouSoftware.exe	ExternalApp.exe
PID 2748 wrote to memory of 912	2748	SogouSoftware.exe	ExternalApp.exe
PID 2748 wrote to memory of 912	2748	SogouSoftware.exe	ExternalApp.exe

C:\Users\Admin\AppData\Local\Temp\6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:2172

C:\Users\Admin\AppData\Local\Temp\minidownload.exe
"C:\Users\Admin\AppData\Local\Temp\minidownload.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:2780

C:\Program Files (x86)\SogouSoftware\SogouSoftware.exe
"C:\Program Files (x86)\SogouSoftware\SogouSoftware.exe" /Loader /DownLoad?status=true&softurl=http%3A%2F%2Fxiazai.sogou.com%2Fcomm%2Fredir%3Fsoftdown%3D1%26u%3DYRyEVuHeM45mBjjEUSPVUEJm8GF_McJfVdEjKPrgnocp6RPTnPFSKls2-N19zn1VfMOrRMA_6qOhShbA1gDZ21gXJ8-dW6ZyJd2HMCZpOTvLIGNafI07QZpggfaFdLzRilLVZzhV53fF-ago-P3fECJIPRI-Fuc_AxfASetSfW-LPCjVth8Sku5Jp5e2TsHIa3kHHvOR8h0rNkC1O-u-OP-8wtI1ff_KDaem0Ixui-eXWHnXXzHlFg..%26pcid%3D-5387338580520352447%26filename%3Ddjyx_22_1412837413_djyx_22_2014-10-9_VIPDL_signed.exe&iconurl=http%3A%2F%2Fpc3.gtimg.com%2Fsoftmgr%2Flogo%2F48%2F15296_48_1398674358.png&softname=%E5%AE%9E%E5%86%B5%E8%B6%B3%E7%90%832014&softsize=3.39MB
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:2748

C:\Program Files (x86)\SogouSoftware\tmp\ExternalApp.exe
"C:\Program Files (x86)\SogouSoftware\tmp\ExternalApp.exe" /Update
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:912

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\SogouSoftware\3.2.2.58\npdownload.dll"
4⤵
PID:1256

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\SogouSoftware\3.2.2.58\npdownload64.dll"
4⤵
PID:2032

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\SogouSoftware\3.2.2.58\npdownload64.dll"
5⤵
PID:2020

C:\Program Files (x86)\SogouSoftware\download\download\MiniTPFw.exe
"C:\Program Files (x86)\SogouSoftware\download\download\MiniTPFw.exe"
4⤵
PID:2012

C:\Program Files (x86)\SogouSoftware\download\download\ThunderFW.exe
"C:\Program Files (x86)\SogouSoftware\download\download\ThunderFW.exe" MiniThunderPlatform2024-05-2300:33:58 "C:\Program Files (x86)\SogouSoftware\download\download\MiniThunderPlatform.exe"
5⤵
PID:1696

C:\Program Files (x86)\SogouSoftware\update\UpdateService.exe
"C:\Program Files (x86)\SogouSoftware\update\UpdateService.exe" /Install
4⤵
PID:2644

C:\Program Files (x86)\SogouSoftware\download\download\MiniThunderPlatform.exe
"C:\Program Files (x86)\SogouSoftware\download\download\MiniThunderPlatform.exe" -StartTP
3⤵
PID:1524

C:\Program Files (x86)\SogouSoftware\update\UpdateService.exe
"C:\Program Files (x86)\SogouSoftware\update\UpdateService.exe" /Service
1⤵
PID:3024

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\MySoftwareManager.xml
Filesize
23KB

MD5
f5f5698ee6b73535a7a55ffc9df6f38f

SHA1
76b4f170b339481149f72a7294218ad7ea5f9ecd

SHA256
613125461abb68bf1535c2b28d3cbf1efc3fe04484acdb89c0e961296837f1ec

SHA512
5c83a38a0a0639bada0666592bcd73754e3f161b52ffcb14f066ce11ddac2f818de39ac5a36ebe3d026c202d087fcd1284d6fd5b65d38a112c6c1647274a3bc1

Download Submit
C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\.svn\format
Filesize
2B

MD5
c30f7472766d25af1dc80b3ffc9a58c7

SHA1
136571b41aa14adc10c5f3c987d43c02c8f5d498

SHA256
aa67a169b0bba217aa0aa88a65346920c84c42447c36ba5f7ea65f422c1fe5d8

SHA512
0354672b288ac5ccd92c7336f24c3b5a9e669d95bf3036241d3919bae5aadba2c312742d7b422cb04347d6ce98151019baf81a3390e12de140365f17a9cf9afc

Download Submit
C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\download_btn_icon.png
Filesize
1003B

MD5
6e30b0f37668df11c09a638ec2901959

SHA1
62f3c4379d14c86261724942016e8b30777049cb

SHA256
bf08172a35630a61b905c438f4c7f33df2a57ad078e24125de41b77880ee7e53

SHA512
f82eb5a5efcb8994a89a30ec47fc43173964adc5913f5277ac30adfd5c7f7a5c8cddbb6dcdff6ae49dc5391bed38884633482600e1fca84ce9738e52ade08cc1

Download Submit
C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\driver_icon.png
Filesize
1KB

MD5
af5deb4ef4870c69e6a7edf2f38faef4

SHA1
16bc05409d7da0a8121da977607af958d10e96fb

SHA256
638a6fd479b267e2a2b349953604a149bd521fc3f9d8f1ccd4b53aaef0a78513

SHA512
153714ebf00226c67d2a6d2cd88c1226bd16b951704cde38df869d7c488e2c753d2bfcc9389f504558578af4819e4573fdcb1f0bf478fe227ccc9c3f31294054

Download Submit
C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\logo3434.png
Filesize
1KB

MD5
4c74aab2bcf16cb617837aaeaa7cfa1b

SHA1
37925cfde22e94db3f4ad04df39d8fb20ca55c17

SHA256
8092dffbb4bc611d6f92786fbab70fddf7da5634f84d423c6fc20afd26172628

SHA512
62d96a3dc3001b396907855f12f91073a9d9e1d602e111a859c84a3207431c12564e46d0f052f293692cb130b56eb4b9e6fe7310ec2db0b401e4225f7afefc2f

Download Submit
C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\logo_text.png
Filesize
1KB

MD5
9876c5a2a2433a1d0d12dc272c2c226b

SHA1
508fbfb0a0164ce84a83c1f8fe257035e3b62929

SHA256
e182eb30de511bbc685548a771daa015a42299c207989c495bba0e8c9f5d0c1b

SHA512
5c89ba6180d0b22cf45db507b4d90e61e4d32b0753703f5735d36caf442e25d2ee4a617495ff022a6cedbb9fd0949912d5feb068afcb6aecc2451a7541edeeef

Download Submit
C:\Program Files (x86)\SogouSoftware\3.2.2.58\skin\PNG\software_icon.png
Filesize
995B

MD5
db61ef6be10662bde9e80c76e3b51854

SHA1
f48725f24dec25548d1a778dbc9fa95146a042b2

SHA256
478ce132c5472395f0ccfe3853a6b60dc727c2ee1c8d525c05e8717e264fd176

SHA512
dce39e93e47089104cc9fd1a73abcc506ccb4b29132e2b56adf8f052c9bc6dc6a05452bf7e44c60363705467af13a1cfefb87fede4f15aee6e73272a07e72f95

Download Submit
C:\Program Files (x86)\SogouSoftware\SogouSoftware.exe
Filesize
232KB

MD5
0bc2d003fcfe3fa65f4c3ba7a015fa41

SHA1
72ed85bc1c57259b4f2ed36d16ce3fed4e30607c

SHA256
388069590fb9569b6c498f941d0565416cb52fc803648ee21b8c59917c63eb4b

SHA512
ae8d83e6ca21ee9b0d5e5845fac3a4dc01c6038243da36b4360b2f42763478265cdafc89072c47672b9738de1930e5e5191e2bf91715055cbd16a949d313ff24

Download Submit
C:\Program Files (x86)\SogouSoftware\SogouSoftwareLoader.dll
Filesize
450KB

MD5
b1ce2dba9515e144908aa34ac77f5a46

SHA1
0a3e601eeba273a16d815c5e59793eb73db9daad

SHA256
5a7349e46f16ec394af8575b666c132c010bacaa2c59da472b842ffeccc5623f

SHA512
d0a78b5de9126b8126b531fb8f72ae375aac898930dccd8a61f173c28470895daab56b368c34a5925020dfdc642785651445967904d8756bb1ce7c1d2f95525a

Download Submit
C:\Program Files (x86)\SogouSoftware\download\download\.svn\prop-base\atl71.dll.svn-base
Filesize
53B

MD5
113136892f2137aa0116093a524ade0b

SHA1
a0284943f8ddfe69ceec90833e66d96bdf4a97f0

SHA256
ebbf7e8800c3446bc3a195fa53573bde1073b0bf7581a614372f1391a9286d02

SHA512
d3201cc19ae702a9813aa8bc39612ebaa48138903e9ede64dcadff213691f6e711876aa4fa083887c545325d5d8bf70649523c528090542459f2b01697180e99

Download Submit
C:\Program Files (x86)\SogouSoftware\manifest.cfg
Filesize
29B

MD5
dbdddb37dffafd829b9dddd86c8cbf57

SHA1
4fd1a652c7bfe2eb39e98a795cd77bc415b13d07

SHA256
e661aadd4b5793e960bebdb4862589720b757d7f2c9849c73a9490c162830466

SHA512
f1883accc58a7098f9b15a1a7225e7ef0e2ce3175dde6f5b2851c63654ee02919db734e41b45e74f998ba4c5e4f1fdc96abb5546a7fa1b02cc32ffe7d0c5fe36

Download Submit
C:\Program Files (x86)\SogouSoftware\tmp\ExternalApp.exe
Filesize
11.9MB

MD5
1ea611695a4d643cf4c63a60151b9387

SHA1
7210cc8750b0c8c4d5cf0c49ad5274f1aab2c724

SHA256
9c2f73221152802fd96b407477ee23b75f1ce9c9dc7de0c019e95f9d9b453ff2

SHA512
68b50b8facba55b416b4160849c8ef4d79cc2af3969de14f26b96aeb9ed610ecfc201202a3f542030e5f26fb021e85acbb8c0602f1ef285387bfbac4b39e1a87

Download Submit
C:\Program Files (x86)\SogouSoftware\Èí¼þÖúÊÖ.lnk
Filesize
944B

MD5
8de96925237b1a38a4d66a893df9031f

SHA1
d991c9721c0b49d16c6f5b9930b30c0c24c5aed6

SHA256
4d8e930f154cbceab3f86477c72816876a313eb53e8055064b3089768c3b70e4

SHA512
bcb0c53f326904a60a3a70a0d79ef5a1c1eec0595477de532202f7fd726faed7d811edbd6f45f6f5375db3497440aca9256273be7a73012cad46662b2450ffbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\assis[1].js
Filesize
15KB

MD5
b621cf91adddd75acd495c9f297723f7

SHA1
7cda3f9ffe420cbef342fb30c78f5b3809a5b127

SHA256
b5701c3457b2c81e03a8d2ddb455b058585ff5d9849433ba5afcbda57dc7e80d

SHA512
e9a09b552759dc82bc04d50430d33c3f0ee80b16bc5dead5e68f3cf9fed69ade83f826f3a91417009d6140a6009bfb1f6336a677bb41a83bd5b6faf2901858c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\style[1].css
Filesize
22KB

MD5
ac368d3a4082cd39d2c111a6ab4d1d5f

SHA1
d9aafaeac680e932415cdbb4e20ba945b063a501

SHA256
329fb2c78ed371031aed38de0ce8bb08c669455b6417c1020ad3bc6dd116f306

SHA512
c7383c00ecb356f010f483d6b1500d4245bea9b30c257fdc97a9742c125a441068282b2a905095034f4ebce0c60939a1bd4990ce7105d96207498ead337354a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\list[1].css
Filesize
1KB

MD5
c8b5721be97c34c28287a0a0dbfae44a

SHA1
b3d2b6488e7768e0bd2116a7d49db6f0a6a13b0f

SHA256
e77fb0539e543b69f7adc7c85a705de353dd22381a5678280403b693b5383b8b

SHA512
adfc46e4f90106019b709896759e24c9d55cdb96506c5ddb1203504959aa66859bb3f0e4a4c86af1b5af1827e5ed7b56b764af4dc48638eb67834d49524f9d6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\scroll[1].js
Filesize
7KB

MD5
5bf16947424e2f6f04cfafe47a29ea48

SHA1
772b93297ac092f2229f2f200c660032f0c5b23d

SHA256
18970a865d7947e55463a342f53a4995c632d612025c5c04221f123285303648

SHA512
338d64b08706b1700a0e851d2d196909664720dcd070ab661a7efeeb0348d6ab3e811b68bae2355e5da807391dc16ae97aa2d281ff0b4a36cd6e0d94d40b7caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\jquery-1.11.1.min[1].js
Filesize
93KB

MD5
8101d596b2b8fa35fe3a634ea342d7c3

SHA1
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd

SHA256
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

SHA512
9e1634eb02ab6acdfd95bf6544eefa278dfdec21f55e94522df2c949fb537a8dfeab6bcfecf69e6c82c7f53a87f864699ce85f0068ee60c56655339927eebcdb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OXQUUOQX.txt
Filesize
95B

MD5
01b610c1b1543f598a0ce0d47a3874fa

SHA1
85ec1fe475eda3806778f2db060759cbe3c578f9

SHA256
612d8099a0c2d70cdecb406013862f3e7c7bab020a45bc802085d9f591f8e627

SHA512
d5a7cf0fc06a8f071a9bb1ba0f009557412f4aa4240972d07fd2b4b7ff2dbede8ef1e6934d708d876b2efe57dc25e561ba4811698b64e32d7fd9b41fe23f8337

Download Submit
\Program Files (x86)\SogouSoftware\3.2.2.58\CommonState.dll
Filesize
83KB

MD5
6e888d41691f655ab9ec752384e009eb

SHA1
6c54689dc6fe3070e2d24011a9f8e710f5444d66

SHA256
a5adc7b2757172c55834a3720731c0b3eb22ddd1766cc531c06de537bcef786d

SHA512
5995cb6a7bc4573d5593904fb518bef91401b4f44fef808ed915017a0b7f0589bb5b810fc183b196ea57de32ec4a0e63b54ce89dde3283e41ff706c6999c4977

Download Submit
\Program Files (x86)\SogouSoftware\3.2.2.58\DuiLib.dll
Filesize
827KB

MD5
28ba86c039552346dafff7e9363ce02e

SHA1
0c7848c17f84f7fae9f058ae49658dba4371975c

SHA256
49837458d579b16b25f81d0d477922c0d363867e120e0114577c2eb0506639a9

SHA512
60fa470134c5a9dfeacf2ebf615d656fd84d80f00ce0c3ff6d617e73f7942b5d48501b1073cd76fa717a0323d69b246170af5f8232ae7d4af3bc45b0325e7283

Download Submit
\Program Files (x86)\SogouSoftware\3.2.2.58\SogouSoftware.dll
Filesize
1.2MB

MD5
fb7a98797d8601196a79545775864de7

SHA1
0148ce7895eab4725b95a57e0fd3469a21de579f

SHA256
ffd9ab6a997659efee084a1493784c2755010a04f5a2ab03cd0ea74c637b3e96

SHA512
3afbef824abb40ccf128bdfa52cb7357b7340fe9a65139b6a2f42a17425548a96a7c95c3154728517aa784d8b00c0a5834a4af95f04bdc590eb8cfab9c24f75a

Download Submit
\Program Files (x86)\SogouSoftware\3.2.2.58\npdownload.dll
Filesize
272KB

MD5
c97af614b96b1d7adeed67261b3771c0

SHA1
f67f94dff7a78953d4a9a6af63d30fc7dfe40a8e

SHA256
98f283754465cae416af646c9c68e4c1a60eea088616bb5a265cfdd9c896b1b8

SHA512
972cee7e0fe258ec1d62cbe7b077380010a5ab4a02c24791d23e10047f5d2a16e847b2a33bde9f7b27e6a59483f61371d98186281ef40a3a370629f546f6d322

Download Submit
\Program Files (x86)\SogouSoftware\3.2.2.58\npdownload64.dll
Filesize
315KB

MD5
b256f88501223e358c03ea2a172e0f7f

SHA1
9ee8c5b3db6d7076742c488b001a76741fc3aefe

SHA256
2fc446c8fdb3ad5711e6e83c720379062accd40cf9203c6e484eea83faecb840

SHA512
10f9d2bcf55d2241cb92dea7b1f7833f7d2536e93c7906d3c483df25f8515f24bd3fa57659f8972b888cf57457ae5bd5a9f564e9326278ddc66ed7201e52d19e

Download Submit
\Program Files (x86)\SogouSoftware\3.2.2.58\sqlite3.dll
Filesize
589KB

MD5
ae8a8778ac495b47070774f33089753a

SHA1
24b443630adbf79b12c920f8fa2586abdf8ba6d2

SHA256
bc35883beeb5da827d8eceb32d30bd07a838ad6c8ffa07f0dc7708a118ab4a39

SHA512
1bd8933a7ca742769bce5463190d774ecfb70b984e500ab8b0229330eb7c4aa5e7c8432385459f4cc8e528504d2d5382e8379f7d6c13daa7a7506184fef3b125

Download Submit
\Program Files (x86)\SogouSoftware\download\download\MiniTPFw.exe
Filesize
58KB

MD5
58bb62e88687791ad2ea5d8d6e3fe18b

SHA1
0ffb029064741d10c9cf3f629202aa97167883de

SHA256
f02fa7ddab2593492b9b68e3f485e59eb755380a9235f6269705f6d219dff100

SHA512
cd36b28f87be9cf718f0c44bf7c500d53186edc08889bcfa5222041ff31c5cbee509b186004480efbd99c36b2233182ae0969447f4051510e1771a73ed209da5

Download Submit
\Program Files (x86)\SogouSoftware\update\UpdateService.exe
Filesize
168KB

MD5
3d3e5a0455863ae5b4db90b07c974967

SHA1
d6316c15eeccb0942a2779636812be9b3da333d7

SHA256
8671d4570f9462ff5c4cca67094baaecefebea212b2c8f27ad29d38f76ff312b

SHA512
37178f6ce1bb692b3eb19767955089be56649a02b8eaa940522fcac29397030e2510a3c7419f3e72be0b595b2e8c8f13ce6d4ac723f22a52103d669e6490331e

Download Submit
\Users\Admin\AppData\Local\Temp\minidownload.exe
Filesize
1.9MB

MD5
0618e9851ea4a522abeded8d40c2f19e

SHA1
c6772967fdf545e32d28f3b46e97aec5b9ff99f5

SHA256
506c374fbdf14420306e2da8d123c2138c2ceabd2046178317508a25949d3dc4

SHA512
b8c4816d81aa14646a3b690da76c0d33f59b7d419305638747503dba6bb84a63b906fe7d0ced59850ad25db37c1e0e6f3bd614a902f2f5ffb3d2bf74ec4e571f

Download Submit
\Users\Admin\AppData\Local\Temp\nso164F.tmp\System.dll
Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
memory/1524-1173-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2748-1172-0x0000000009B60000-0x0000000009BB6000-memory.dmp

Filesize
344KB

Download
memory/2748-1171-0x0000000009B60000-0x0000000009BB6000-memory.dmp

Filesize
344KB

Download
memory/2748-1170-0x0000000009B60000-0x0000000009BB6000-memory.dmp

Filesize
344KB

Download