Analysis

  • max time kernel
    95s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/01/2025, 12:04

General

  • Target

    JaffaCakes118_e699dbd72ba9dee2511beb9e8f41fbdc.exe

  • Size

    6.4MB

  • MD5

    e699dbd72ba9dee2511beb9e8f41fbdc

  • SHA1

    7a5d8cd7ba0afd715df2e8146c30b89a92df9ec4

  • SHA256

    78007a8d9ab75cb5ff4039a9627925a0eb5a32f137148a2c3dd4e1a8dc7f2be9

  • SHA512

    763c958fef1842d1aab039f073f3e390362e1068babf712bf11221a6d9c895eb992e3cb0a7de1d70c1984e3cb145460df3812cfec9dc288af635cdbad95612b8

  • SSDEEP

    196608:+eP+HX0EGC4f/XjoeMlKAK0+KgkIJp5iCeUzFp3UvGKqQrmj/ml:+ggXK/zpmd+6IJp575zUOZImj/ml

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 25 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e699dbd72ba9dee2511beb9e8f41fbdc.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e699dbd72ba9dee2511beb9e8f41fbdc.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Users\Admin\AppData\Local\Temp\pipi_dae_392.exe
      "C:\Users\Admin\AppData\Local\Temp\pipi_dae_392.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1132
      • C:\Users\Admin\AppData\Local\Temp\pipi_setup_392.exe
        C:\Users\Admin\AppData\Local\Temp\pipi_setup_392.exe /verysilent
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3408
        • C:\Users\Admin\AppData\Local\Temp\is-63BLS.tmp\pipi_setup_392.tmp
          "C:\Users\Admin\AppData\Local\Temp\is-63BLS.tmp\pipi_setup_392.tmp" /SL5="$5026E,6213687,71168,C:\Users\Admin\AppData\Local\Temp\pipi_setup_392.exe" /verysilent
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3964
          • C:\Windows\SysWOW64\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s "C:\pipi\JfCheck.dll"
            5⤵
            • Loads dropped DLL
            • Installs/modifies Browser Helper Object
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Modifies registry class
            PID:4436
          • C:\Windows\SysWOW64\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s "C:\pipi\MCCKMPlayerX.dll"
            5⤵
            • Loads dropped DLL
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:5064
          • C:\Windows\SysWOW64\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s "C:\pipi\PIPIWebPlayer.ocx"
            5⤵
            • Loads dropped DLL
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:5020
          • C:\Windows\SysWOW64\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s "C:\pipi\codec\CoreAAC.ax"
            5⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:1380
          • C:\Windows\SysWOW64\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s "C:\pipi\codec\CoreAVC.ax"
            5⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:4808
          • C:\Windows\SysWOW64\regsvr32.exe
            "C:\Windows\system32\regsvr32.exe" /s "C:\pipi\codec\MPCVideoDec.ax"
            5⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:3988
          • C:\pipi\PIPIStartSvr.exe
            "C:\pipi\PIPIStartSvr.exe" -i
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:4324
          • C:\pipi\jfCacheMgr.exe
            "C:\pipi\jfCacheMgr.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            PID:3960
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 632
              6⤵
              • Program crash
              PID:4032
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3960 -ip 3960
    1⤵
      PID:3004

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\is-63BLS.tmp\pipi_setup_392.tmp

            Filesize

            829KB

          • C:\Users\Admin\AppData\Local\Temp\is-IQ813.tmp\PIPIRecommend.dll

            Filesize

            155KB

          • C:\Users\Admin\AppData\Local\Temp\is-IQ813.tmp\jpg2bmp.dll

            Filesize

            143KB

          • C:\Users\Admin\AppData\Local\Temp\is-IQ813.tmp\topWizardSmallImageFile.bmp

            Filesize

            77KB

          • C:\Users\Admin\AppData\Local\Temp\pipi_dae_392.exe

            Filesize

            6.3MB

          • C:\Users\Admin\AppData\Local\Temp\pipi_setup_392.exe

            Filesize

            6.2MB

          • C:\Windows\SysWOW64\config\mcckmplayervod.ini

            Filesize

            31B

          • C:\Windows\SysWOW64\config\mcckmplayervod.ini

            Filesize

            47B

          • C:\Windows\SysWOW64\config\mcckmplayervod.ini

            Filesize

            5KB

          • C:\pipi\JfCheck.dll

            Filesize

            255KB

          • C:\pipi\KmBugslayerUtil.dll

            Filesize

            25KB

          • C:\pipi\KmFileTypeSetting.exe

            Filesize

            42KB

          • C:\pipi\MCCKMPlayerX.dll

            Filesize

            3.1MB

          • C:\pipi\MFC71.dll

            Filesize

            1.0MB

          • C:\pipi\MSVCP71.dll

            Filesize

            488KB

          • C:\pipi\PIPIPlayer.exe

            Filesize

            883KB

          • C:\pipi\PIPIStartSvr.exe

            Filesize

            15KB

          • C:\pipi\PIPIWebPlayer.ocx

            Filesize

            427KB

          • C:\pipi\baidu_logo.JPG

            Filesize

            6KB

          • C:\pipi\codec\CoreAAC.ax

            Filesize

            312KB

          • C:\pipi\codec\CoreAVC.ax

            Filesize

            228KB

          • C:\pipi\codec\MPCVideoDec.ax

            Filesize

            2.7MB

          • C:\pipi\codec\rm\14_43260.dll

            Filesize

            96KB

          • C:\pipi\codec\rm\28_83260.dll

            Filesize

            56KB

          • C:\pipi\codec\rm\atrc.dll

            Filesize

            76KB

          • C:\pipi\codec\rm\cook.dll

            Filesize

            64KB

          • C:\pipi\codec\rm\ddnt3260.dll

            Filesize

            36KB

          • C:\pipi\codec\rm\dnet3260.dll

            Filesize

            20KB

          • C:\pipi\codec\rm\drv1.dll

            Filesize

            100KB

          • C:\pipi\codec\rm\drv2.dll

            Filesize

            172KB

          • C:\pipi\codec\rm\drvc.dll

            Filesize

            260KB

          • C:\pipi\codec\rm\hxltcolor.dll

            Filesize

            236KB

          • C:\pipi\codec\rm\pncrt.dll

            Filesize

            272KB

          • C:\pipi\config\clienttype.ini

            Filesize

            577B

          • C:\pipi\config\config.ini

            Filesize

            646B

          • C:\pipi\config\config.ini

            Filesize

            677B

          • C:\pipi\config\config.ini

            Filesize

            691B

          • C:\pipi\config\enumwindow.ini

            Filesize

            485B

          • C:\pipi\config\partner.ini

            Filesize

            35B

          • C:\pipi\config\skin.ini

            Filesize

            15KB

          • C:\pipi\dbghelp.dll

            Filesize

            478KB

          • C:\pipi\google_logo.JPG

            Filesize

            5KB

          • C:\pipi\jfCacheMgr.exe

            Filesize

            1.9MB

          • C:\pipi\jfres_plug.dll

            Filesize

            6.6MB

          • C:\pipi\libdb43.dll

            Filesize

            644KB

          • C:\pipi\msvcr71.dll

            Filesize

            340KB

          • C:\pipi\setupwelcome.JPG

            Filesize

            36KB

          • C:\pipi\topWizardSmallImageFile.jpg

            Filesize

            2KB

          • C:\pipi\unins000.exe

            Filesize

            839KB

          • C:\pipi\wizard_recommand.JPG

            Filesize

            5KB
