Analysis

  • max time kernel
    128s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/05/2024, 10:21

General

  • Target

    752b8a6b45ceb452cd4ef28e8f9d3965_JaffaCakes118.exe

  • Size

    34.4MB

  • MD5

    752b8a6b45ceb452cd4ef28e8f9d3965

  • SHA1

    e737a6c2fea43b9a5df2e85f90299fca3416f39e

  • SHA256

    0d4e910847a8da89c1a61e75ddd8db232083e735486178457c547e6a3958dcc1

  • SHA512

    91b7baaea54ab4feecdae6ba5d8aad7376c3e50eed649f9d8630744b333ccedbdb1cace441bec5fb6942f83b4ca2ee67bf8059eb97012bcfccd7a88502d17676

  • SSDEEP

    786432:/XCfiZDJsTvuBLeSqiPGBWnd9X5+MG+jmmXt:/XEiZWVVQP5+MG+jmm9

Malware Config

Signatures

  • Executes dropped EXE 27 IoCs
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Modifies data under HKEY_USERS 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\752b8a6b45ceb452cd4ef28e8f9d3965_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\752b8a6b45ceb452cd4ef28e8f9d3965_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dictbuilder.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dictbuilder.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1788
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe" --clean_old
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2160
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe" --quit
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1772
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe" --usercenter=close
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:992
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetool.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetool.exe" --moveuserdata
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1036
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --moveuserdata
        3⤵
        • Executes dropped EXE
        PID:1552
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BDDownloadExe.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BDDownloadExe.exe" 1 /product=201
      2⤵
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      • Suspicious behavior: EnumeratesProcesses
      PID:2152
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --install
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • Modifies Control Panel
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --startmenuopt
        3⤵
        • Executes dropped EXE
        PID:332
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --vistataskscheduler
        3⤵
        • Executes dropped EXE
        PID:1740
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --filesec
        3⤵
        • Executes dropped EXE
        PID:1452
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --whitelist
        3⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        PID:2796
      • C:\Windows\system32\RegSvr32.exe
        RegSvr32.exe /s "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BaiducnAx.dll"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:796
        • C:\Windows\SysWOW64\regsvr32.exe
          /s "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BaiducnAx.dll"
          4⤵
          • Loads dropped DLL
          • Modifies registry class
          PID:2716
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --install-shell
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:2776
        • C:\Program Files (x86)\Baidu\BaiduPinyin\IMEBroker.exe
          "C:\Program Files (x86)\Baidu\BaiduPinyin\IMEBroker.exe" --quit
          4⤵
          • Executes dropped EXE
          PID:2724
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe" --quit
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2276
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe" --usercenter=close
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2644
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\bdupdate.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\bdupdate.exe" --installgau
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      PID:860
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baidupinyin.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baidupinyin.exe" /u
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2736
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\cellinst.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\cellinst.exe" -reg
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      PID:2624
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\skininst.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\skininst.exe" -reg
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      PID:2440
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baidupinyin.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baidupinyin.exe"
      2⤵
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      PID:2332
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe" --location
        3⤵
        • Executes dropped EXE
        PID:1532
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe" --setopt /Command/ImportSogouDict bool:true
      2⤵
      • Executes dropped EXE
      PID:2492
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe" --setopt /Command/ImportQQDict bool:true
      2⤵
      • Executes dropped EXE
      PID:1972
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe" --setopt /Command/CheckImeSetup str:AD
      2⤵
      • Executes dropped EXE
      PID:1592
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --set-first-ime
      2⤵
      • Executes dropped EXE
      PID:1032
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --fix
      2⤵
      • Executes dropped EXE
      PID:2088

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BDDownloadExe.exe

          Filesize

          367KB

        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BaiduPinyin.exe

          Filesize

          2.8MB

        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\MSVCR120.dll

          Filesize

          948KB

        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baiducn.ime

          Filesize

          399KB

        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baiducnx64.ime

          Filesize

          469KB

        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dict\Default\thumbnail.dat

          Filesize

          376KB

        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dict\dummygram.dat

          Filesize

          16.0MB

        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dict\engraw.dat

          Filesize

          385KB

        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dict\rawdict.dat

          Filesize

          6.3MB

        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dict\rawgram.dat

          Filesize

          15.1MB

        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe

          Filesize

          3.2MB

        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe

          Filesize

          495KB

        • C:\ProgramData\Baidu\Common\Global.db

          Filesize

          52B

        • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\Status.ini

          Filesize

          2KB

        • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\Status.ini

          Filesize

          2KB

        • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\Status.ini

          Filesize

          2KB

        • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\Status.ini

          Filesize

          289B

        • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\Status.ini

          Filesize

          1KB

        • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\user.ini

          Filesize

          272B

        • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Status.ini

          Filesize

          5KB

        • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Status.ini

          Filesize

          5KB

        • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Status.ini

          Filesize

          5KB

        • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Status.ini

          Filesize

          5KB

        • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Status.ini

          Filesize

          4KB

        • \Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\IMEFREETYPE.dll

          Filesize

          762KB

        • \Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\bdaucommon.dll

          Filesize

          139KB

        • \Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\bdnetdll.dll

          Filesize

          195KB

        • \Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dictbuilder.exe

          Filesize

          264KB

        • \Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imepng.dll

          Filesize

          298KB

        • \Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetool.exe

          Filesize

          432KB

        • \Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe

          Filesize

          105KB

        • \Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imezlib.dll

          Filesize

          186KB

        • \Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\libcurl.dll

          Filesize

          295KB

        • \Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\libeay32.dll

          Filesize

          1.1MB

        • \Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\msvcp120.dll

          Filesize

          444KB

        • \Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\ssleay32.dll

          Filesize

          267KB

        • \Users\Admin\AppData\Local\Temp\nsi1A94.tmp\Src\Protocol.dll

          Filesize

          668KB

        • \Users\Admin\AppData\Local\Temp\nsi1A94.tmp\Src\Report.dll

          Filesize

          316KB

        • \Users\Admin\AppData\Local\Temp\nsi1A94.tmp\System.dll

          Filesize

          19KB

        • \Users\Admin\AppData\Local\Temp\nsi1A94.tmp\chkm.dll

          Filesize

          74KB

        • \Users\Admin\AppData\Local\Temp\nsi1A94.tmp\insthelper.dll

          Filesize

          774KB

        • \Users\Admin\AppData\Local\Temp\nsi1A94.tmp\reportsetup.dll

          Filesize

          309KB
