569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
25-07-2022 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
Size

1.1MB
MD5

1c43dffd44c05547555743e916f36ce4
SHA1

9fe2dd0c1be8be46a171c7b0112803a4a7167bc6
SHA256

569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770
SHA512

dbdd458483166596b06409a3ee83f202dc0971e28a76e2f7f534475ce81f68cd1bde53d8b008df10234b62556ba7e4f463f3cbe2b8bed26e8b679b2cf2392b1e

Score

9^/10

bootkit discovery persistence upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\nsd235.tmp\nsRandom.dll	acprotect
behavioral1/memory/1500-60-0x00000000002F0000-0x0000000000302000-memory.dmp	acprotect

Executes dropped EXE 10 IoCs

Processes:

V8._85416_20150820204011.exePerfTraceService.exePerfTraceService.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exe

pid	process
1888	V8._85416_20150820204011.exe
1260	PerfTraceService.exe
1040	PerfTraceService.exe
1484	QQBrowser.exe
1848	QQBrowser.exe
1392	QQBrowser.exe
820	QQBrowser.exe
1620	QQBrowser.exe
1564	QQBrowser.exe
1632	QQBrowser.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

QQBrowser.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe	QQBrowser.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe\DisableExceptionChainValidation = "0"	QQBrowser.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\nsd235.tmp\nsRandom.dll	upx
behavioral1/memory/1500-60-0x00000000002F0000-0x0000000000302000-memory.dmp	upx

Loads dropped DLL 37 IoCs

Processes:

569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exeV8._85416_20150820204011.exeregsvr32.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exe

pid	process
1500	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
1500	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
1500	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
1500	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
1500	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
1500	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
1500	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
604	regsvr32.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1484	QQBrowser.exe
1888	V8._85416_20150820204011.exe
1484	QQBrowser.exe
1888	V8._85416_20150820204011.exe
820	QQBrowser.exe
820	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1392	QQBrowser.exe
1392	QQBrowser.exe
1564	QQBrowser.exe
1564	QQBrowser.exe
1632	QQBrowser.exe
1632	QQBrowser.exe
1620	QQBrowser.exe
1632	QQBrowser.exe
1564	QQBrowser.exe
1392	QQBrowser.exe
1620	QQBrowser.exe
1848	QQBrowser.exe
1848	QQBrowser.exe
1848	QQBrowser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 6 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

QQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe

Drops file in Program Files directory 64 IoCs

Processes:

V8._85416_20150820204011.exe

description	ioc	process
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\js\global.js	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\QQBrowserLiveup.exe	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\service\PerfTraceService.exe	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\app_active.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\service\perfctrl.dll	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\navi.ico	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\small_installed_arrow.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\history\img\del.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\account\down.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active_ie.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\js\global.js	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\service\qqtrack.xml	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\images\hse.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\installed_arrow.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\history\img\closeBtnSearchbar.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\history\img\up-down.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\QQBrowserSecurityCenter.exe	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\css\ycalendar.css	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\picker_floor.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\plugin2.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\warn-dialog-close.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\picker_floor_hover.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\addressbar_blank.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\lib\	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\plugin3.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\js\api.js	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\css\app.css	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcp90.dll	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover_ie.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\app.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Infobar\image\infobar_login.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\service\7z.exe	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\history\history2.js	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\BugReport.exe	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\site_text.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\history\img\down.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\history.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\dock_video_hover.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\js\tool.js	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover_ie.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\images\	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\images\search_btn.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\NetWork.dll	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white_ie.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\manifest.json	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\dock_game.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\js\search.js	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Infobar\image\infobar_close_active.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\lib\jquery.min.js	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\css\style.css	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\theme_ie.png	V8._85416_20150820204011.exe

Drops file in Windows directory 2 IoCs

Processes:

QQBrowser.exe

description	ioc	process
File created	C:\Windows\Tasks\QQBrowser Udpater Task.job	QQBrowser.exe
File created	C:\Windows\Tasks\QQBrowser Udpater Task(Core).job	QQBrowser.exe

Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exe

pid process

1448 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
1448	sc.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeQQBrowser.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter.1\CLSID\ = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\ = "QQBrowser Protocol"	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.webp\Content Type = "image/webp"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\QQBrowser.Protocol	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.webp\PerceivedType = "image"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID\ = "WEBPFilter.CoWEBPFilter.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilt.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\QQBrowser.Protocol\DefaultIcon	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell\ = "open"	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilter\ = "WebpImageDecodeFilter Class"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\AppUserModelID = "Tencent.QQBrowser.Default"	QQBrowser.exe
Key created	\REGISTRY\MACHINE\Software\Classes\QQBrowser.File\DefaultIcon	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\ = "webpdecodefilter 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\ = "QQBrowser HTML Document"	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" -- \"%1\""	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilter\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ = "IWebpImageDecodeFilter"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib\ = "{5FD70451-714E-495A-9F17-450AEF3AA35E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell\open\command	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID\ = "WebpDecodeFilter.WebpImageDecodeFilt.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell\open	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" -- \"%1\""	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/webp\CLSID = "{25336920-03F9-11cf-8FD0-00AA00686F13}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\AppID = "{A629F59C-66C9-4775-901A-A017530E3958}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ = "WebpImageDecodeFilter Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/webp\Extension = ".webp"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\run\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" %*"	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter\ = "WEBPFilter CoWEBPFilter"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ = "WEBPFilter.CoWEBPFilter"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID\ = "WEBPFilter.CoWEBPFilter"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib\ = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\WebpDecodeFilter.DLL	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\WebpDecodeFilter.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\URL Protocol	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\DefaultIcon\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe,0"	QQBrowser.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\open\command	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" %*"	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\run	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib\ = "{5FD70451-714E-495A-9F17-450AEF3AA35E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib\ = "{5FD70451-714E-495A-9F17-450AEF3AA35E}"	regsvr32.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

V8._85416_20150820204011.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	V8._85416_20150820204011.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	V8._85416_20150820204011.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	V8._85416_20150820204011.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	V8._85416_20150820204011.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

V8._85416_20150820204011.exeQQBrowser.exeQQBrowser.exe

pid	process
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1888	V8._85416_20150820204011.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1848	QQBrowser.exe
1848	QQBrowser.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

QQBrowser.exe

description	pid	process
Token: SeSecurityPrivilege	1848	QQBrowser.exe
Token: SeSecurityPrivilege	1848	QQBrowser.exe
Token: SeSecurityPrivilege	1848	QQBrowser.exe
Token: SeSecurityPrivilege	1848	QQBrowser.exe
Token: SeSecurityPrivilege	1848	QQBrowser.exe

Suspicious use of WriteProcessMemory 47 IoCs

Processes:

569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exeV8._85416_20150820204011.exe

description	pid	process	target process
PID 1500 wrote to memory of 1888	1500	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe	V8._85416_20150820204011.exe
PID 1500 wrote to memory of 1888	1500	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe	V8._85416_20150820204011.exe
PID 1500 wrote to memory of 1888	1500	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe	V8._85416_20150820204011.exe
PID 1500 wrote to memory of 1888	1500	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe	V8._85416_20150820204011.exe
PID 1888 wrote to memory of 1260	1888	V8._85416_20150820204011.exe	PerfTraceService.exe
PID 1888 wrote to memory of 1260	1888	V8._85416_20150820204011.exe	PerfTraceService.exe
PID 1888 wrote to memory of 1260	1888	V8._85416_20150820204011.exe	PerfTraceService.exe
PID 1888 wrote to memory of 1260	1888	V8._85416_20150820204011.exe	PerfTraceService.exe
PID 1888 wrote to memory of 604	1888	V8._85416_20150820204011.exe	regsvr32.exe
PID 1888 wrote to memory of 604	1888	V8._85416_20150820204011.exe	regsvr32.exe
PID 1888 wrote to memory of 604	1888	V8._85416_20150820204011.exe	regsvr32.exe
PID 1888 wrote to memory of 604	1888	V8._85416_20150820204011.exe	regsvr32.exe
PID 1888 wrote to memory of 604	1888	V8._85416_20150820204011.exe	regsvr32.exe
PID 1888 wrote to memory of 604	1888	V8._85416_20150820204011.exe	regsvr32.exe
PID 1888 wrote to memory of 604	1888	V8._85416_20150820204011.exe	regsvr32.exe
PID 1888 wrote to memory of 1484	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1484	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1484	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1484	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1848	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1848	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1848	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1848	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1392	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1392	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1392	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1392	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 820	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 820	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 820	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 820	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1620	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1620	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1620	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1620	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1632	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1632	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1632	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1632	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1564	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1564	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1564	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1564	1888	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1888 wrote to memory of 1448	1888	V8._85416_20150820204011.exe	sc.exe
PID 1888 wrote to memory of 1448	1888	V8._85416_20150820204011.exe	sc.exe
PID 1888 wrote to memory of 1448	1888	V8._85416_20150820204011.exe	sc.exe
PID 1888 wrote to memory of 1448	1888	V8._85416_20150820204011.exe	sc.exe

C:\Users\Admin\AppData\Local\Temp\569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
"C:\Users\Admin\AppData\Local\Temp\569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1500

C:\Users\Admin\AppData\Local\Temp\nsd235.tmp\V8._85416_20150820204011.exe
V8._85416_20150820204011.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1888

C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe
"C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe" -installAndRun "QQBrowser Performance Service"
3⤵
- Executes dropped EXE
PID:1260

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQBrowser\WebpDecodeFilter.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:604

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -host=update -source=1
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:1484

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -install
3⤵
- Executes dropped EXE
- Sets file execution options in registry
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1848

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -installscheduletask
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
PID:1392

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -installcoexistreport -installmode=1
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
PID:1620

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -Module=QQBrowserFrame.dll -skinzipfactory
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:820

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -resetopenpage
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:1564

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -homepageimport
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:1632

C:\Windows\SysWOW64\sc.exe
"sc" config fontcache start= auto
3⤵
- Launches sc.exe
PID:1448

C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe
"C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe"
1⤵
- Executes dropped EXE
PID:1040

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowserFrame.dll
Filesize
1.6MB

MD5
68eb386277ed0c2e4a13b6c5731f236e

SHA1
c831285069732bc3578a508052ce5e8723aac582

SHA256
84ef4e2ec7265038cb82c4a4ee149e394c1a66b7f84853130fba167965d09f2a

SHA512
6f9f76da55a863f6c817322b66c658492fc7d01a60673c7d622dc14baf2c6524f4fba4911c8b1419203f8ffc72c757c272001bf0fe67515411eaf2e9df035381

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\WebpDecodeFilter.dll
Filesize
135KB

MD5
12650137ef731c4f2967bd670287e357

SHA1
2386ffa665080bea8c36075992a9e236c0e54105

SHA256
7e9320481129c168c87200c1bcbc2d793046bd40d42cd198e3b610a0f08c48f1

SHA512
968b9430b29c6520633cdf91ec3a7773d4da637d53c565db213c0a0f76b4316948457d4567cdecee8b4e96c2e106e167fc9a3c94ceb0a14da2dd442734e89c03

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\dr.dll
Filesize
81KB

MD5
699f0052d0c959f1a5b7c3926cce11fa

SHA1
1f5084eacdd96553831899771fc433270c852196

SHA256
3e1f7276df5e11b20250186682464782a40f902bcc44b44e0956348921d027c8

SHA512
54d1adf7b8bf0325b10e50d34787cdf3d2cd219c2a19e8ab74f4283a55dd8ebb6910c71141449107494e2ded4452ebf6c973e3ec022b67a2da175691a1d0cc5c

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\service\PerfTraceService.exe
Filesize
272KB

MD5
1b47580cce6db40a3f389ebd6250795f

SHA1
951ced03a17e826df41cd2314bb5079ba7fc74e3

SHA256
f2adc20c2fa2e5fa02fda7469b6ac15a623f3cd098343198f54156f219716a7c

SHA512
c864cbce5bbd7cccb8bec1e724fd884b053ff0ba3080d14a0afacc5cd55b9866f37cddc1a1d62cfb6fdca9a068663e2fff5c5ad32c3d55da49cca633606646e5

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\service\PerfTraceService.exe
Filesize
272KB

MD5
1b47580cce6db40a3f389ebd6250795f

SHA1
951ced03a17e826df41cd2314bb5079ba7fc74e3

SHA256
f2adc20c2fa2e5fa02fda7469b6ac15a623f3cd098343198f54156f219716a7c

SHA512
c864cbce5bbd7cccb8bec1e724fd884b053ff0ba3080d14a0afacc5cd55b9866f37cddc1a1d62cfb6fdca9a068663e2fff5c5ad32c3d55da49cca633606646e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd235.tmp\V8._85416_20150820204011.exe
Filesize
4.9MB

MD5
3c4c8edac2cd495654fa87ffeefb77ce

SHA1
35d3ffb6b8e12ca3efc1a99957fd1e31ad40d998

SHA256
6e7903668f26e1efd1bde8875682d0016bf48382d38576f3c5cdb01c56f9f61e

SHA512
a4cccdd4fcb72ad5fed7f7b663481c7d81f0436d69c9c85da90d4cc59dbb7e702e1fe01fdd7431976f9725ecd7a7c40c2fe2752b0bb03ea19f13a241cb488d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd235.tmp\V8._85416_20150820204011.exe
Filesize
4.9MB

MD5
3c4c8edac2cd495654fa87ffeefb77ce

SHA1
35d3ffb6b8e12ca3efc1a99957fd1e31ad40d998

SHA256
6e7903668f26e1efd1bde8875682d0016bf48382d38576f3c5cdb01c56f9f61e

SHA512
a4cccdd4fcb72ad5fed7f7b663481c7d81f0436d69c9c85da90d4cc59dbb7e702e1fe01fdd7431976f9725ecd7a7c40c2fe2752b0bb03ea19f13a241cb488d2e

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\QQBrowser\DB\homepage.db
Filesize
3KB

MD5
d0e7295144a4af0f9ffb401ac44a740e

SHA1
a4d164ace9e1269aa81f17340347050635e04a43

SHA256
e31a32bffc11cbdb3579a1eb3f6794bbd39c5fabd15b0151a5fd4c68d878c328

SHA512
065c79a0de85cc1406879113b9e9a14e31680e1c69a27ae2e8c2719a2fff58c8bf5fb62ae54229ddac417b3abf90fd1c471cbb84330a00506e840bbbf7850358

Download Submit
\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBExtensionFramework.dll
Filesize
540KB

MD5
88f2d2382cce7ec315ca6860ff0c4075

SHA1
07eea3f61e2fa2d47682217b505d163f7f36fc9d

SHA256
b2c6d93708c33068fe61c0b3733ec697b179d18fba79dfcbc6eacb716fc81d45

SHA512
43bc572f67181ae5fbf26828cfdb82bd1867a69a2f74fb03346bb69cfda8d8fb2b834521bf86918c663df223bd721d1cc3837ebc8e3c164fde3f5dca92d71779

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowserFrame.dll
Filesize
1.6MB

MD5
68eb386277ed0c2e4a13b6c5731f236e

SHA1
c831285069732bc3578a508052ce5e8723aac582

SHA256
84ef4e2ec7265038cb82c4a4ee149e394c1a66b7f84853130fba167965d09f2a

SHA512
6f9f76da55a863f6c817322b66c658492fc7d01a60673c7d622dc14baf2c6524f4fba4911c8b1419203f8ffc72c757c272001bf0fe67515411eaf2e9df035381

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowserFrame.dll
Filesize
1.6MB

MD5
68eb386277ed0c2e4a13b6c5731f236e

SHA1
c831285069732bc3578a508052ce5e8723aac582

SHA256
84ef4e2ec7265038cb82c4a4ee149e394c1a66b7f84853130fba167965d09f2a

SHA512
6f9f76da55a863f6c817322b66c658492fc7d01a60673c7d622dc14baf2c6524f4fba4911c8b1419203f8ffc72c757c272001bf0fe67515411eaf2e9df035381

Download Submit
\Program Files (x86)\Tencent\QQBrowser\WebpDecodeFilter.dll
Filesize
135KB

MD5
12650137ef731c4f2967bd670287e357

SHA1
2386ffa665080bea8c36075992a9e236c0e54105

SHA256
7e9320481129c168c87200c1bcbc2d793046bd40d42cd198e3b610a0f08c48f1

SHA512
968b9430b29c6520633cdf91ec3a7773d4da637d53c565db213c0a0f76b4316948457d4567cdecee8b4e96c2e106e167fc9a3c94ceb0a14da2dd442734e89c03

Download Submit
\Program Files (x86)\Tencent\QQBrowser\dr.dll
Filesize
81KB

MD5
699f0052d0c959f1a5b7c3926cce11fa

SHA1
1f5084eacdd96553831899771fc433270c852196

SHA256
3e1f7276df5e11b20250186682464782a40f902bcc44b44e0956348921d027c8

SHA512
54d1adf7b8bf0325b10e50d34787cdf3d2cd219c2a19e8ab74f4283a55dd8ebb6910c71141449107494e2ded4452ebf6c973e3ec022b67a2da175691a1d0cc5c

Download Submit
\Program Files (x86)\Tencent\QQBrowser\service\PerfTraceService.exe
Filesize
272KB

MD5
1b47580cce6db40a3f389ebd6250795f

SHA1
951ced03a17e826df41cd2314bb5079ba7fc74e3

SHA256
f2adc20c2fa2e5fa02fda7469b6ac15a623f3cd098343198f54156f219716a7c

SHA512
c864cbce5bbd7cccb8bec1e724fd884b053ff0ba3080d14a0afacc5cd55b9866f37cddc1a1d62cfb6fdca9a068663e2fff5c5ad32c3d55da49cca633606646e5

Download Submit
\Users\Admin\AppData\Local\Temp\12au6c8509\QBInstaller.dll
Filesize
622KB

MD5
ce9341acc89b84af512afa5b68c7c0b0

SHA1
c63900266799e535374166f2837667da1a85a500

SHA256
beb45eb024534ac0970e6d9455a9d0c27d9a24aa11364ec023cd6c09339aa467

SHA512
8c1e5ff28a557c4e6acf2393394ebba43123af1dafeca5e04e55b54805dacd215d23198fa4aaf6de8378ce398aaeb578170958dcd33840a8851e031a0b3756fa

Download Submit
\Users\Admin\AppData\Local\Temp\nsd235.tmp\Base64.dll
Filesize
4KB

MD5
f0e3845fefd227d7f1101850410ec849

SHA1
3067203fafd4237be0c186ddab7029dfcbdfb53e

SHA256
7c688940e73022bf526f07cc922a631a1b1db78a19439af6bafbff2a3b46d554

SHA512
584ae5a0d1c1639ba4e2187d0c8a0ac7e54c0be0a266029c4689d81c0c64a7f80e7d918da0df5c6344f9f7a114f30d8f2feda253b29e813bae086604731a3d8a

Download Submit
\Users\Admin\AppData\Local\Temp\nsd235.tmp\Inetc.dll
Filesize
20KB

MD5
50fdadda3e993688401f6f1108fabdb4

SHA1
04a9ae55d0fb726be49809582cea41d75bf22a9a

SHA256
6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6

SHA512
e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8

Download Submit
\Users\Admin\AppData\Local\Temp\nsd235.tmp\NSISdl.dll
Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
\Users\Admin\AppData\Local\Temp\nsd235.tmp\System.dll
Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd235.tmp\V8._85416_20150820204011.exe
Filesize
4.9MB

MD5
3c4c8edac2cd495654fa87ffeefb77ce

SHA1
35d3ffb6b8e12ca3efc1a99957fd1e31ad40d998

SHA256
6e7903668f26e1efd1bde8875682d0016bf48382d38576f3c5cdb01c56f9f61e

SHA512
a4cccdd4fcb72ad5fed7f7b663481c7d81f0436d69c9c85da90d4cc59dbb7e702e1fe01fdd7431976f9725ecd7a7c40c2fe2752b0bb03ea19f13a241cb488d2e

Download Submit
\Users\Admin\AppData\Local\Temp\nsd235.tmp\ZipDLL.dll
Filesize
163KB

MD5
2dc35ddcabcb2b24919b9afae4ec3091

SHA1
9eeed33c3abc656353a7ebd1c66af38cccadd939

SHA256
6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1

SHA512
0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901

Download Submit
\Users\Admin\AppData\Local\Temp\nsd235.tmp\nsRandom.dll
Filesize
21KB

MD5
ab467b8dfaa660a0f0e5b26e28af5735

SHA1
596abd2c31eaff3479edf2069db1c155b59ce74d

SHA256
db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

SHA512
7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

Download Submit
\Users\Admin\AppData\Roaming\Tencent\QQBrowser\InstModules\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Users\Admin\AppData\Roaming\Tencent\QQBrowser\InstModules\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Users\Admin\AppData\Roaming\Tencent\QQBrowser\InstModules\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
memory/604-76-0x0000000000000000-mapping.dmp

Download
memory/820-100-0x0000000000000000-mapping.dmp

Download
memory/1260-73-0x0000000000000000-mapping.dmp

Download
memory/1392-99-0x0000000000000000-mapping.dmp

Download
memory/1448-142-0x0000000000000000-mapping.dmp

Download
memory/1484-84-0x0000000000000000-mapping.dmp

Download
memory/1484-98-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1484-97-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1500-54-0x0000000076291000-0x0000000076293000-memory.dmp

Filesize
8KB

Download
memory/1500-143-0x00000000002F0000-0x0000000000302000-memory.dmp

Filesize
72KB

Download
memory/1500-62-0x0000000000540000-0x000000000056D000-memory.dmp

Filesize
180KB

Download
memory/1500-60-0x00000000002F0000-0x0000000000302000-memory.dmp

Filesize
72KB

Download
memory/1564-108-0x0000000000000000-mapping.dmp

Download
memory/1620-101-0x0000000000000000-mapping.dmp

Download
memory/1632-104-0x0000000000000000-mapping.dmp

Download
memory/1848-92-0x0000000000000000-mapping.dmp

Download
memory/1888-65-0x0000000000000000-mapping.dmp

Download