Analysis

  • max time kernel
    143s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26/05/2024, 10:21

General

  • Target

    752b8a6b45ceb452cd4ef28e8f9d3965_JaffaCakes118.exe

  • Size

    34.4MB

  • MD5

    752b8a6b45ceb452cd4ef28e8f9d3965

  • SHA1

    e737a6c2fea43b9a5df2e85f90299fca3416f39e

  • SHA256

    0d4e910847a8da89c1a61e75ddd8db232083e735486178457c547e6a3958dcc1

  • SHA512

    91b7baaea54ab4feecdae6ba5d8aad7376c3e50eed649f9d8630744b333ccedbdb1cace441bec5fb6942f83b4ca2ee67bf8059eb97012bcfccd7a88502d17676

  • SSDEEP

    786432:/XCfiZDJsTvuBLeSqiPGBWnd9X5+MG+jmmXt:/XEiZWVVQP5+MG+jmm9

Malware Config

Signatures

  • Executes dropped EXE 34 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in System32 directory 10 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\752b8a6b45ceb452cd4ef28e8f9d3965_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\752b8a6b45ceb452cd4ef28e8f9d3965_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Drops file in Program Files directory
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:208
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dictbuilder.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dictbuilder.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2832
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe" --clean_old
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4540
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe" --quit
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3832
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe" --usercenter=close
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2500
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetool.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetool.exe" --moveuserdata
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4196
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --moveuserdata
        3⤵
        • Executes dropped EXE
        PID:2248
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BDDownloadExe.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BDDownloadExe.exe" 1 /product=201
      2⤵
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      PID:3256
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --install
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Registers COM server for autorun
      • Adds Run key to start application
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:812
      • C:\Windows\SYSTEM32\RegSvr32.exe
        RegSvr32.exe /s "C:\Windows\SysWOW64\baiducnTSF.dll"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:404
        • C:\Windows\SysWOW64\regsvr32.exe
          /s "C:\Windows\SysWOW64\baiducnTSF.dll"
          4⤵
          • Loads dropped DLL
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          PID:2484
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --startmenuopt
        3⤵
        • Executes dropped EXE
        PID:1640
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --vistataskscheduler
        3⤵
        • Executes dropped EXE
        PID:4668
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --filesec
        3⤵
        • Executes dropped EXE
        PID:3932
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --whitelist
        3⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        PID:1372
      • C:\Windows\SYSTEM32\RegSvr32.exe
        RegSvr32.exe /s "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BaiducnAx.dll"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:468
        • C:\Windows\SysWOW64\regsvr32.exe
          /s "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BaiducnAx.dll"
          4⤵
          • Loads dropped DLL
          • Modifies registry class
          PID:3172
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --install-shell
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4432
        • C:\Program Files (x86)\Baidu\BaiduPinyin\IMEBroker.exe
          "C:\Program Files (x86)\Baidu\BaiduPinyin\IMEBroker.exe" --quit
          4⤵
          • Executes dropped EXE
          PID:2868
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe" --quit
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe" --usercenter=close
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1132
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\bdupdate.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\bdupdate.exe" --installgau
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2344
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baidupinyin.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baidupinyin.exe" /u
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3184
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\cellinst.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\cellinst.exe" -reg
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      PID:5032
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\skininst.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\skininst.exe" -reg
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      PID:5108
    • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baidupinyin.exe
      "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baidupinyin.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Writes to the Master Boot Record (MBR)
      PID:4724
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe" --location
        3⤵
        • Executes dropped EXE
        PID:468
      • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
        "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --install
        3⤵
        • Executes dropped EXE
        • Registers COM server for autorun
        • Adds Run key to start application
        • Drops file in System32 directory
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        PID:2868
        • C:\Windows\SYSTEM32\RegSvr32.exe
          RegSvr32.exe /s "C:\Windows\SysWOW64\baiducnTSF.dll"
          4⤵
            PID:5040
            • C:\Windows\SysWOW64\regsvr32.exe
              /s "C:\Windows\SysWOW64\baiducnTSF.dll"
              5⤵
              • Modifies registry class
              • Suspicious use of AdjustPrivilegeToken
              PID:1420
          • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
            "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --startmenuopt
            4⤵
            • Executes dropped EXE
            PID:2164
          • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
            "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --vistataskscheduler
            4⤵
            • Executes dropped EXE
            PID:2428
          • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
            "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --filesec
            4⤵
            • Executes dropped EXE
            PID:4428
          • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
            "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --whitelist
            4⤵
            • Executes dropped EXE
            • Modifies Internet Explorer settings
            PID:540
          • C:\Windows\SYSTEM32\RegSvr32.exe
            RegSvr32.exe /s "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BaiducnAx.dll"
            4⤵
              PID:4052
              • C:\Windows\SysWOW64\regsvr32.exe
                /s "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BaiducnAx.dll"
                5⤵
                • Modifies registry class
                PID:3232
            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
              "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --install-shell
              4⤵
              • Executes dropped EXE
              PID:792
              • C:\Program Files (x86)\Baidu\BaiduPinyin\IMEBroker.exe
                "C:\Program Files (x86)\Baidu\BaiduPinyin\IMEBroker.exe" --quit
                5⤵
                • Executes dropped EXE
                PID:452
        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe
          "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe" --setopt /Command/ImportSogouDict bool:true
          2⤵
          • Executes dropped EXE
          PID:2356
        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe
          "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe" --setopt /Command/ImportQQDict bool:true
          2⤵
          • Executes dropped EXE
          PID:4144
        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe
          "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe" --setopt /Command/CheckImeSetup str:AD
          2⤵
          • Executes dropped EXE
          PID:2380
        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
          "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --set-first-ime
          2⤵
          • Executes dropped EXE
          PID:2068
        • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe
          "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe" --fix
          2⤵
          • Executes dropped EXE
          PID:4504

      Network

            MITRE ATT&CK Enterprise v15

            Downloads

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BDDownloadExe.exe

              Filesize

              367KB

              MD5

              2f5aa7abfbbf2b087f9e4dfe423bd6a1

              SHA1

              c54a1c7d55272efc2733eea8c92e4e5d5b88c36d

              SHA256

              68ed1dc5216bc98e95b938643b44160805fb9564966ba3baa515df526ce6cff0

              SHA512

              f296c689b22ccf8d55f385e22f29e5e7e059daa44577eba05a8e42706abae4c9292c16fc9fe44d671ffb816960e69317aa5fbafb7e0702acf4f2608c6c0db719

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\BaiduPinyin.exe

              Filesize

              2.8MB

              MD5

              080a1318a5e18553f622ee9498e1a99d

              SHA1

              8242034ceb4f3333c410478499f02885044373c2

              SHA256

              020f509f0c15d6c123b02e790d4d3d674a781ceeb8d6b304bcfb7d57479c5b36

              SHA512

              c90571a169099ad0973c090de7a1434f52bdef635730fac44029635ca91870269237595f81b6602dbb8f5cd077acafa2d36380776a3707d94fb1e8668070d1c3

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\IMEFREETYPE.dll

              Filesize

              762KB

              MD5

              8d82ce7a07be1b62440c0cec4e170a15

              SHA1

              3c6d41dc25978907acff8369778b4e352d56ccc1

              SHA256

              c6a521c1f3c2611e063d4929fb4a2c466395d4a54a17b6c1036f9e92a0d3ede2

              SHA512

              033f08cc83b6bc911c5cb136e152b920cb7193b1ce6e4529a84260ed0225d814059a4a47c603070db6191a86ddef4104e3eec712bccb8f0d2d0b85050612651f

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\app.ini

              Filesize

              2KB

              MD5

              2acb717904708b6b98f41dc5f2dd17d0

              SHA1

              4a2460b5904e20339109bd4ef04b0f43ad3bc30b

              SHA256

              d9e8604274f890c75250ff38ddd069f4c8c412c8b3cf8a98e67b2706bfced59c

              SHA512

              e736e4c7e0fa239964546e2d4fa0241e80f82fbef7acc31b9373e6c9c02c99b09ae20fd402fc922bec9288537588e4b91ebe1970651ed87877cb2bdc93b2494c

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\autoupdate.ini

              Filesize

              1KB

              MD5

              3c45a3efd6faca8afd99af299c37b0a2

              SHA1

              3f9658399ed8de6292e7cf7c16060248c7114f90

              SHA256

              ca25c996b6d5ebe5348c6baddd2073309539171bcf706e6c6c1d06e7ce421ffc

              SHA512

              21f708eabc7152beb7479a3fa7c19c7b95028f3f78fd34c15fb180a16b03c0b02de290dff611692acf2c80cd5c9885e7818cf312adcf859cd975ca1c79b913d2

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baiducn.ime

              Filesize

              399KB

              MD5

              56385cb44bcf0b46d7b27ae70dc304f8

              SHA1

              f488aff961286a852fba6f887ba9369d7dbb8bbe

              SHA256

              1ef970a39e17a0f1188f7ea88a871a833613b0fbc5fbc028f2a29bcddba72159

              SHA512

              37725ad5e9599ce7db125453a4f63ead7d6648dca65ab93bb5ed6888404a04d86dfcea1d0a28ec4a005449d1246a452e03bb4a8bcf5c4bed42071cb1c2afb681

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baiducnTSF.dll

              Filesize

              518KB

              MD5

              047883fa5f336320c303345fd0c2a37c

              SHA1

              d5a647ce1dde1faa4128c1db5c82851ca73716a7

              SHA256

              aca42b70ee70806ff6a298acbfda17051f3514073ba1bffeb64006d56d75a9ea

              SHA512

              b8e8032fd8c4a94fa7841bfa4a9b89c894766cfebb2702da2570acddee1c161c7a12551f51d3dce81fb10d55e56075c226843d811a20ef6cafafa3e58418dd48

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baiducnTSFx64.dll

              Filesize

              606KB

              MD5

              523d13d373e36022819a8bfd4106afa7

              SHA1

              928fd5209a568333193b4327897fbcd25829a876

              SHA256

              6717422b8a66c295cdc52624794354c642c0f5b3c9fc945e17c700765815a2ff

              SHA512

              d5be101c0a4c7bdf5eddf351311e8a7db74d2fef8f97171e3ea0820fc7384c8505915ecfc774f70c519ed87807173397f6771d515bbc816d113a24460b72fafd

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baiducnx64.ime

              Filesize

              469KB

              MD5

              385de7eb355e2b67bc8efaf1d28db78b

              SHA1

              f8dcd255c7160347af343bd6824640d1960a3afe

              SHA256

              a00392e1f6c235507cf6077f16052216de8c50ea3c601b32ea8f1e75f447d650

              SHA512

              95461dbb67355cd44ebe0f8ae124bd878a7588e09ef9fc682ac256a1c5c243f5d1ffcf1189f714670f4298ce8e67e6463f98bb83540652edfaddd55e3d173267

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\bdaucommon.dll

              Filesize

              139KB

              MD5

              93bfa462ede419250bc876b2884ece05

              SHA1

              233a8a946f119492b8fa2b4b8993e5d3db00acfe

              SHA256

              6a2b893de7fbc1c0c507a35c14882236c326f553baf07409cd358308eefcb5af

              SHA512

              2cae7a79f3adbc23fbd7a84689321b438596bd9cec5b2bca274f0d67ae0bad7b9b984ba352256fe6079338435958e28923915d029bc4b2e52fd04dff61312245

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\bdnetdll.dll

              Filesize

              195KB

              MD5

              d55a908913b1f2bc2e9e0195472882f7

              SHA1

              627509ef0575d389e39a2dbae82e94da50346f2e

              SHA256

              0be32940021bce94782662b3377e2658600e0ada82ad3ce561b00a3abfdc528d

              SHA512

              1a500d47e0785a0467e29a4986f0dc658a9c105855d70d4c17d4a8df7d5354d808fec25f79bb507719eeb93c1a5db49a006e291b1ea4dd18049c1d94696d5eea

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dict\Default\thumbnail.dat

              Filesize

              376KB

              MD5

              3c11f16a387925e9c088b0d819795bb4

              SHA1

              bf99c57feafd149b93c73fac2211b8be00b3e536

              SHA256

              0b07258015b5e139776c9be53965f4442bfc9d7265db93665f2a10a166fb04ce

              SHA512

              2a5cf1c37d3cc67709a427a5831a46218e15550054896b333c5ec9a7f6b370fb271d06696b842c2dc55947ed9dabaea5fb9bb1c859ca4132106cc02c590ab1be

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dict\dummygram.dat

              Filesize

              16.0MB

              MD5

              df695d1bb876e0aff16e80d37c13a045

              SHA1

              bfa3f935d0259f103213c86b19643c9d0e839d31

              SHA256

              8f34cb39e843f2569e530d13f9583d385d80273c7f0a7bd3227fba11336527fa

              SHA512

              8ad735da6d0cb7050474d53787bbbcf371cdc70ba6bb54e8b649331570f29f99f609ad897178f0c430548da245a31ffdf0db8f4cc1931f7bb1837d273d4d02e7

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dict\engraw.dat

              Filesize

              385KB

              MD5

              5fba35a5c0c99d59803bf9d2590c3f82

              SHA1

              8e8e082647997cb688effe79ec12529bd03e9987

              SHA256

              835828871ef9af95f85b8f249f2cacdbbae6c73ef802448f7c59584eb63265f6

              SHA512

              4217349c66ee47d096d2a4c19fa408dd6f08a09a9c47cb9493b5a2faff6f3f4f0d855cf02905f24f0a8d1ce6bb1d4d561c4f69a1378b09ff473f997855ddedf2

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dict\rawdict.dat

              Filesize

              6.3MB

              MD5

              d28c28b7d005a754a60839b4091aa556

              SHA1

              90e2b7ef24d2521b66ffa793d19dd7bbe8fe3bbb

              SHA256

              1d753a7609cfe79ec3abc6b2c0c6d552f29caf1251ffae2cb8fb81a71d80ee84

              SHA512

              96a754995b7751cb4a0df624bd8f4975b9fa40ef97329a798abf47197537c62f51f1b47900d82be14f2d2d2785e963897ab6f7cb713e6a76fef0107c4517c089

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dict\rawgram.dat

              Filesize

              15.1MB

              MD5

              2e1b6f915bc3efb9bd950099e9a25fa2

              SHA1

              ada21f4380f5c2bbf9a023fb3a97c6abc67d8552

              SHA256

              5f6bd5aa51cf2590579116816e87a26617f1424fdb00f4703dd4ee9429d425e8

              SHA512

              771557c762acab825f5f96bc83cac0612b5551f2c2d85406fe2288aad9aef9a17b16769ba29a7b5ef5087f17b5f2d0538480b3c16f809c5b52fb1afc4420f51c

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\dictbuilder.exe

              Filesize

              264KB

              MD5

              78b547129a5af3251cd3a2cab4107d4e

              SHA1

              da5d2da96f238fa327cdea23225b08f813d5504d

              SHA256

              9415b6d6014edb194cb9e428e77900c37b1b9a950e2c97bd013d4af8f5e8455a

              SHA512

              ef9a1edb6272e2eeab04eeb142c5f0a7806f4e96335a1aab6d391746de795f00ea62c06ecdf0df7bc5e6933e1961afa94df11639ff5f16d0bae871a584b3bc48

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeconfig.exe

              Filesize

              3.2MB

              MD5

              0ccf4e1bd3bdd1119d96bd92b89e6a76

              SHA1

              9b00ad3520a26a9f6e0644c2796c85d8ae54c47d

              SHA256

              5893e51697c153e3ef8b257cba716577b7cc3e82fd0a8fbab51189706dedfc40

              SHA512

              e259835f453a9d7a3ece6e9b79d087ec7d596810ed072964e38b21eca613c2321b3964ec79806269eb6abcda40aafcd9d5e82f360018cbfa1e86266baff8507e

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imepng.dll

              Filesize

              298KB

              MD5

              40e91fcd84dafcc606ccc876f991a7e6

              SHA1

              21e2dab15eddb84c631838e1575a72598e9355c2

              SHA256

              bb0258c4b7ea8543f2f5aced98081d7a973f337c57be08f294ab189d13e7c417

              SHA512

              dda11e19996c688090776fd3ba1428af05fb234a51947e4692b83cd11eff3ad39d7a46e481c536f0aea780c827c8169616ff74b2b9b5aadb4abab11b1e852693

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetool.exe

              Filesize

              432KB

              MD5

              ab89cdea049ae1fdc3d4ba269b47591d

              SHA1

              860a07b2cb483bfec40ed2fadfb20c7b3f8f43c7

              SHA256

              b3eafdf7094878fd617385db01cd4c06fbf34cc734252cd104d24e418bb84553

              SHA512

              22552f2d815b2e4b9bd19be63b34592412f1eae698fc71c28f6e73d690331c3aa2b8950aed160249317673a9f22f81086c5f2ff376b47b75d980fc90ca80b2fe

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imetoolx64.exe

              Filesize

              495KB

              MD5

              2456be54b003a06e0418a2e40d24d7d7

              SHA1

              3b05821418dd7ee9c162bad6efeab51d6ac59b91

              SHA256

              5a3e0a62c53dc9f5dc231a487e70120099b35c61c7a1bb259f478e642a080f1d

              SHA512

              79dcaee135a8ede7d8cd278b5266441ac6728b93245f17b8d305aff36d9980fe88ae9f51b5ca5776633064d47670f751ff0cd8150807030df9ff080c6957e82b

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imeutil.exe

              Filesize

              105KB

              MD5

              2ff02072877da8f34f9af9928aa5f5b3

              SHA1

              d9e5bee9e783fecd13e95e2cdea37fcaa9a1cbd7

              SHA256

              756d55a8085e1b07695eb90db9266e98a0f0afc67ae188867eed96badc3d59ea

              SHA512

              9f340860dfce4f20b674d8db7ceb15af5dd618cfb6e75a154c043a16a2fd3e57a97b763cbe84a945d06ef324b11f2b6da4ec798fa536033ccf76de2a62787c1a

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\imezlib.dll

              Filesize

              186KB

              MD5

              de63b59c6697079ecc7646589deaafef

              SHA1

              709c2d6058556dd0f9d46ef840153249cd60d94b

              SHA256

              183db759881d0213aa708410c122a7373ba08dbe122343b6acf9292741108d97

              SHA512

              0e8493cc0f1ee0666305c06928d4811563aa07187bdb3146bf21b3446e946e6f582c7e1375f32281b259163de72a0d54b0ade097843bbfdd5ff599d444f54573

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\libcurl.dll

              Filesize

              295KB

              MD5

              60054f32651599c68fab41b220f476e0

              SHA1

              281a63035340db32bb7d55e009f8097546f4aa9a

              SHA256

              4352c68ffc4308c2e24acc19608318a52dd0a9f362f1cd2c8ff07b55ae37dde9

              SHA512

              daa3431d8d70b0278a13b04dc1d74b44d235296c86686fc233dcd23af963bcd5977dd97ea5546cf548e222fb43f7bba5db350f1de1c2fbefe1379c717d8e2a39

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\libeay32.dll

              Filesize

              1.1MB

              MD5

              b8a2583697545aea9baa1383f9796368

              SHA1

              a8d5fa264d96e70e36461d99a44a9a39cb186730

              SHA256

              1f649a43e098fef9be0cbdf6f57b1afd3aa14d06c5c1aa82f5c26b769f04f141

              SHA512

              cbb43e7b2cee7d76ac026ec3deb9626c43d6acbc595cebd41293cc1045808a7f09da19ab64c7b0a44432281e43e4904432906f5c3dec6bb1f3c146c907fc6864

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\msvcp120.dll

              Filesize

              444KB

              MD5

              fd5cabbe52272bd76007b68186ebaf00

              SHA1

              efd1e306c1092c17f6944cc6bf9a1bfad4d14613

              SHA256

              87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

              SHA512

              1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\msvcr120.dll

              Filesize

              948KB

              MD5

              034ccadc1c073e4216e9466b720f9849

              SHA1

              f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

              SHA256

              86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

              SHA512

              5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

            • C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\ssleay32.dll

              Filesize

              267KB

              MD5

              0f6f9f42e4dd9dcd5715955e3838ec4a

              SHA1

              f93a11370df53d30a84268b003fab1b8eb2a3960

              SHA256

              6f34c5eec35a9f5af26cd163792c53fbd30ff0d04110f6bddeeff413f8dea10a

              SHA512

              ecc9ba94660d2d3ea7a80e2a67e3db129e983d33697fa5da6c000a7b53c3e3a1460bedb12fc82af422f03c9e9c097335e9704dd21ae9d7b4baa78f19826c4920

            • C:\Program Files (x86)\Baidu\BaiduPinyin\IMEBroker.exe

              Filesize

              161KB

              MD5

              59294fde17337c3b141160be336fa7b0

              SHA1

              59331a76ec7bdb6ef4cf3566391587229b942378

              SHA256

              044bea17ccaff8d1bd437dd13a0d37798ac1629f7fc6fb1cf6d5c4d0e065e5f4

              SHA512

              f9be627ce0587e89132e013000d88db0b943f6b11e630e78aefd2f347a12f7ddf30b0a71ed5049017f2148083166924bc2c6ae35ed9d635c492dd84312d0e414

            • C:\ProgramData\Baidu\Common\Global.db

              Filesize

              52B

              MD5

              78c80d224904b9e4b9499353e2bb570a

              SHA1

              494e5e9f09c81111271c2bbfeea211e4064b9d37

              SHA256

              9dcbcbb31e7f4616fe36dee093ea650ce4311a6b98decc95f8d4fef4914338a3

              SHA512

              fe722dc9e68971e458cd0e3d3f4740d759e88b7e522f7f42f67a8643d65cf0feb06a0c087441802cf852b4695062ac935690e03483193f1de380c5a9456ecf13

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\Status.ini

              Filesize

              1KB

              MD5

              a65a1485e411592e8e6376afece3402a

              SHA1

              eba0ec02b6a1e46694695364ef00210d960f9439

              SHA256

              08792c5f47c35cd041207194cfe6c241adc60153517a5ce2e681ba285264ac14

              SHA512

              1d10f810357aefdb2e4e230d24239093a5b549765df672746ef60ba3c169e74fe38c9e077f96003528cccd52eb4852c60c28d3f762c81000c22cc7b591066ac0

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\Status.ini

              Filesize

              1KB

              MD5

              b244d142970f4fe298ad320adad6f739

              SHA1

              c1a1347c63dcc7978c7dff81d4651ff9a2966d9f

              SHA256

              5127c735b441607adfb1dff2a640a574eca4a99b82e140e13ba6fe40d30d5c39

              SHA512

              052536e87ebf1c59d0e4891070846a4433a1cbe81aaa865c7675a65e0a1c5bf8ee7e9d8b44119536fe5284dc42ef3938aa1b3bcc5e10b35bc89543af6e4dfea8

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\Status.ini

              Filesize

              2KB

              MD5

              7b2b2832e759dca63140a12649190551

              SHA1

              6c2581ec8289b3f00d2fe883aba4a59a661e7b43

              SHA256

              0e98e065638d841cbbdfa639ad09e68097611aae44cca0fbc164de9202e9732a

              SHA512

              fd91662c1c8625e7d4280fcac1873d5c3223e253b3ce87c496c41d7c11286ad78a7dd744c9ed29ef5f475007c3c2e1b255d1b917547f11df9d9c83dcd5d56532

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\Status.ini

              Filesize

              2KB

              MD5

              e93ac512626c45264525ccb2fdbc88e4

              SHA1

              588224ed01168ad9355eb4f0ae0dc8ca7af9a590

              SHA256

              379fd56370dd3f14f0a378d46a49412a6858def2b69f97462f49118f2b59dc54

              SHA512

              e6a00e9b772fe7bcd51b829e92ed4cbeb7721a94d0e01c47d89b8c4ab35d5317bb8cf645297b2d2ca632d37ac5388bda6dd1c4bc5019f8061dc8507d51ac73fd

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\Status.ini

              Filesize

              2KB

              MD5

              f1ede77ce6342d08ffefd923de89f04f

              SHA1

              ea4af90b7a25f46adc1c8051217f98de35af12e4

              SHA256

              cae2055ba0e8fb682e18dd77d00e05c0ad0db4a0845cb599a157dd110509d855

              SHA512

              60bd7836c6dc3e07ffa9b2d36f1cbf06d680a5089e03e3482c9e27908b970b879238ad7743cf671a7a449f21b027478938134b0995d8c6294d5e758880f3c2e0

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\Status.ini

              Filesize

              298B

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Account\.common\Status.ini

              Filesize

              1KB

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Status.ini

              Filesize

              3KB

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Status.ini

              Filesize

              5KB

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Status.ini

              Filesize

              5KB

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Status.ini

              Filesize

              5KB

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Status.ini

              Filesize

              878B

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Status.ini

              Filesize

              3KB

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\Status.ini

              Filesize

              751B

            • C:\Users\Admin\AppData\LocalLow\Baidu\BaiduPinyin\common.ini

              Filesize

              568B

            • C:\Users\Admin\AppData\Local\Temp\nsb63BD.tmp\Src\Protocol.dll

              Filesize

              668KB

            • C:\Users\Admin\AppData\Local\Temp\nsb63BD.tmp\Src\Report.dll

              Filesize

              316KB

            • C:\Users\Admin\AppData\Local\Temp\nsb63BD.tmp\System.dll

              Filesize

              19KB

            • C:\Users\Admin\AppData\Local\Temp\nsb63BD.tmp\chkm.dll

              Filesize

              74KB

            • C:\Users\Admin\AppData\Local\Temp\nsb63BD.tmp\insthelper.dll

              Filesize

              774KB

            • C:\Users\Admin\AppData\Local\Temp\nsb63BD.tmp\reportsetup.dll

              Filesize

              309KB
