Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    20/01/2025, 12:04

General

  • Target

    JaffaCakes118_e699dbd72ba9dee2511beb9e8f41fbdc.exe

  • Size

    6.4MB

  • MD5

    e699dbd72ba9dee2511beb9e8f41fbdc

  • SHA1

    7a5d8cd7ba0afd715df2e8146c30b89a92df9ec4

  • SHA256

    78007a8d9ab75cb5ff4039a9627925a0eb5a32f137148a2c3dd4e1a8dc7f2be9

  • SHA512

    763c958fef1842d1aab039f073f3e390362e1068babf712bf11221a6d9c895eb992e3cb0a7de1d70c1984e3cb145460df3812cfec9dc288af635cdbad95612b8

  • SSDEEP

    196608:+eP+HX0EGC4f/XjoeMlKAK0+KgkIJp5iCeUzFp3UvGKqQrmj/ml:+ggXK/zpmd+6IJp575zUOZImj/ml

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 57 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e699dbd72ba9dee2511beb9e8f41fbdc.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e699dbd72ba9dee2511beb9e8f41fbdc.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2828
    • C:\Users\Admin\AppData\Local\Temp\pipi_dae_392.exe
      "C:\Users\Admin\AppData\Local\Temp\pipi_dae_392.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2724
      • C:\Users\Admin\AppData\Local\Temp\pipi_setup_392.exe
        C:\Users\Admin\AppData\Local\Temp\pipi_setup_392.exe /verysilent
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2752
        • C:\Users\Admin\AppData\Local\Temp\is-IVMGS.tmp\pipi_setup_392.tmp
          "C:\Users\Admin\AppData\Local\Temp\is-IVMGS.tmp\pipi_setup_392.tmp" /SL5="$90216,6213687,71168,C:\Users\Admin\AppData\Local\Temp\pipi_setup_392.exe" /verysilent
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2732
          • C:\Windows\SysWOW64\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s "C:\pipi\JfCheck.dll"
            5⤵
            • Loads dropped DLL
            • Installs/modifies Browser Helper Object
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Modifies registry class
            PID:2348
          • C:\Windows\SysWOW64\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s "C:\pipi\MCCKMPlayerX.dll"
            5⤵
            • Loads dropped DLL
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:2092
          • C:\Windows\SysWOW64\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s "C:\pipi\PIPIWebPlayer.ocx"
            5⤵
            • Loads dropped DLL
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:1788
          • C:\Windows\SysWOW64\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s "C:\pipi\codec\CoreAAC.ax"
            5⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:2184
          • C:\Windows\SysWOW64\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s "C:\pipi\codec\CoreAVC.ax"
            5⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:2960
          • C:\Windows\SysWOW64\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s "C:\pipi\codec\MPCVideoDec.ax"
            5⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:788
          • C:\pipi\PIPIStartSvr.exe
            "C:\pipi\PIPIStartSvr.exe" -i
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:2484
          • C:\pipi\jfCacheMgr.exe
            "C:\pipi\jfCacheMgr.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            PID:2584

Network

        MITRE ATT&CK Enterprise v15


        Downloads
