569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770

Analysis

max time kernel
51s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2022 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
Size

1.1MB
MD5

1c43dffd44c05547555743e916f36ce4
SHA1

9fe2dd0c1be8be46a171c7b0112803a4a7167bc6
SHA256

569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770
SHA512

dbdd458483166596b06409a3ee83f202dc0971e28a76e2f7f534475ce81f68cd1bde53d8b008df10234b62556ba7e4f463f3cbe2b8bed26e8b679b2cf2392b1e

Score

10^/10

bootkit discovery evasion persistence suricata upx

Malware Config

Signatures

suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
suricata

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\nsRandom.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\nsRandom.dll	acprotect

Downloads MZ/PE file

Executes dropped EXE 22 IoCs

Processes:

V8._85416_20150820204011.exePerfTraceService.exePerfTraceService.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeSoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exeuni1795887c.exe

pid	process
2744	V8._85416_20150820204011.exe
4504	PerfTraceService.exe
4476	PerfTraceService.exe
3972	QQBrowser.exe
4044	QQBrowser.exe
1252	QQBrowser.exe
3384	QQBrowser.exe
4972	QQBrowser.exe
4828	QQBrowser.exe
216	QQBrowser.exe
3860	QQBrowser.exe
1040	QQBrowser.exe
396	QQBrowser.exe
1580	QQBrowser.exe
1736	QQBrowser.exe
2412	QQBrowser.exe
1668	QQBrowser.exe
3068	QQBrowser.exe
1180	QQBrowser.exe
4416	QQBrowser.exe
676	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
3868	uni1795887c.exe

Modifies Windows Firewall 1 TTPs 14 IoCs

evasion

Modify Existing Service

T1031

Processes:

netsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exe

pid	process
5544	netsh.exe
4784	netsh.exe
1652	netsh.exe
5380	netsh.exe
2596	netsh.exe
5440	netsh.exe
5728	netsh.exe
5808	netsh.exe
6124	netsh.exe
1408	netsh.exe
5688	netsh.exe
5208	netsh.exe
6088	netsh.exe
1436	netsh.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

QQBrowser.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe	QQBrowser.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe\DisableExceptionChainValidation = "0"	QQBrowser.exe

Stops running service(s) 3 TTPs
evasion

Modify Existing Service
T1031

Impair Defenses
T1562

Service Stop
T1489

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\nsRandom.dll	upx
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\nsRandom.dll	upx
behavioral2/memory/3868-276-0x0000000000400000-0x000000000044D000-memory.dmp	upx
behavioral2/memory/3868-302-0x0000000000400000-0x000000000044D000-memory.dmp	upx
behavioral2/memory/4484-342-0x0000000010000000-0x000000001019D000-memory.dmp	upx
behavioral2/memory/4484-359-0x0000000010000000-0x000000001019D000-memory.dmp	upx

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

QQBrowser.exeV8._85416_20150820204011.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2660308776-3705150086-26593515-1000\Control Panel\International\Geo\Nation	QQBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2660308776-3705150086-26593515-1000\Control Panel\International\Geo\Nation	V8._85416_20150820204011.exe

Loads dropped DLL 64 IoCs

Processes:

569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exeV8._85416_20150820204011.exeregsvr32.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exe

pid	process
540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
2744	V8._85416_20150820204011.exe
2744	V8._85416_20150820204011.exe
2744	V8._85416_20150820204011.exe
4420	regsvr32.exe
2744	V8._85416_20150820204011.exe
3972	QQBrowser.exe
3972	QQBrowser.exe
2744	V8._85416_20150820204011.exe
2744	V8._85416_20150820204011.exe
4044	QQBrowser.exe
4044	QQBrowser.exe
4044	QQBrowser.exe
1252	QQBrowser.exe
1252	QQBrowser.exe
3384	QQBrowser.exe
3384	QQBrowser.exe
1252	QQBrowser.exe
4972	QQBrowser.exe
4972	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4972	QQBrowser.exe
216	QQBrowser.exe
216	QQBrowser.exe
4828	QQBrowser.exe
216	QQBrowser.exe
4828	QQBrowser.exe
3860	QQBrowser.exe
3860	QQBrowser.exe
1040	QQBrowser.exe
1040	QQBrowser.exe
1040	QQBrowser.exe
1040	QQBrowser.exe
396	QQBrowser.exe
396	QQBrowser.exe
1040	QQBrowser.exe
1736	QQBrowser.exe
1736	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
1580	QQBrowser.exe
1580	QQBrowser.exe
1668	QQBrowser.exe
1668	QQBrowser.exe
2412	QQBrowser.exe
3068	QQBrowser.exe
3068	QQBrowser.exe
2412	QQBrowser.exe
3068	QQBrowser.exe
1668	QQBrowser.exe
396	QQBrowser.exe
2744	V8._85416_20150820204011.exe
1180	QQBrowser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 13 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

QQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeuni1795887c.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	uni1795887c.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe

Drops file in Program Files directory 64 IoCs

Processes:

SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exeV8._85416_20150820204011.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_minishow_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_fullshow_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\upload\btn_openfloder_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\NetWork.dll	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\plugin1.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manifest.json	V8._85416_20150820204011.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_2x_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_definition_arr_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\upload\btn_downloadset_disable.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_share_hover.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_tool_copyrul_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\favicon\index.html#account.ico	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\favicon\index.html#app.ico	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CenterConsole\btn_corner_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_TVSeries_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\window\btn_cycleplay_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CenterConsole\btn_finder_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\loading\playerstop.swf	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_pushset_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_smartset_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\dbtn_shortcut_del_hover.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\css\app.css	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_detail_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CommonCtl\btn_frametap_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\WebpDecodeFilter.dll	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_next_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\upload\btn_nv_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_play_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_pushset_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_pushset_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcr90.dll	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\upload\btn_dwdplay_hover.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_hideconsole_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CommonCtl\btn_history_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_play_hover.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CommonCtl\btn_retry_h.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CenterConsole\btn_treecycle_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_tool_3d_disable.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CenterConsole\btn_treeclose_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\addressbar_blank.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CommonCtl\btn_common_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_down_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CommonCtl\btn_frametap_hover.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\upload\btn_nv_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\window\btn_refresh_disable.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\nsis_skin.gt	V8._85416_20150820204011.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CommonCtl\btn_addtap_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_showtree_hover.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\window\btn_unstick_hover.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\dlna_btn_ok_disabel.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_pause_disable.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CenterConsole\btn_searchclose_disable.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\upload\btn_upload_video_hover.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\dbtn_shortcut_del_hover.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\upload\btn_play_hover.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CenterConsole\btn_searchclosepressed..png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_tool_3d_pressed.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\Bubble_up.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_episode_hover.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File opened for modification	C:\Program Files (x86)\搜狐影音\Skin\Default\player\Frames\btn_retFrameVib_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\CenterConsole\btn_treecycle_normal.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
File created	C:\Program Files (x86)\搜狐影音\Skin\Default\player\window\btn_cycleplay_hover.png	SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe

Drops file in Windows directory 2 IoCs

Processes:

QQBrowser.exe

description	ioc	process
File created	C:\Windows\Tasks\QQBrowser Udpater Task.job	QQBrowser.exe
File created	C:\Windows\Tasks\QQBrowser Udpater Task(Core).job	QQBrowser.exe

Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exe

pid process

4560 sc.exe
1660 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
4560	sc.exe
1660	sc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

QQBrowser.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	QQBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	QQBrowser.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

QQBrowser.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2660308776-3705150086-26593515-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	QQBrowser.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeQQBrowser.exeuni1795887c.exeV8._85416_20150820204011.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\WebpDecodeFilter.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\open	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter\CurVer\ = "WEBPFilter CoWEBPFilter.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ = "IWebpImageDecodeFilter"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" %*"	QQBrowser.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\open\command	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilter\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\DefaultIcon\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe,0"	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\ = "open"	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\URL Protocol	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}	uni1795887c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\AppID = "{A629F59C-66C9-4775-901A-A017530E3958}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell\open	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilter\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\run	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilt.1\CLSID\ = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\run\command	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\run\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" %*"	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ = "WEBPFilter.CoWEBPFilter"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/webp	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\DefaultIcon\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe,0"	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" -- \"%1\""	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\ = "QQBrowser HTML Document"	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilter\CurVer\ = "WebpDecodeFilter.WebpImageDecodeFilt.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\0\win32\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\WebpDecodeFilter.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell	QQBrowser.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib\ = "{5FD70451-714E-495A-9F17-450AEF3AA35E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell\open\command	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/webp\Extension = ".webp"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\AppUserModelID = "Tencent.QQBrowser.Default"	QQBrowser.exe
Key created	\REGISTRY\USER\S-1-5-21-2660308776-3705150086-26593515-1000_Classes\Local Settings	V8._85416_20150820204011.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilt.1\ = "WebpImageDecodeFilter Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Tencent.QQBrowser.Default\.exe	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/webp\Image Filter CLSID = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\QQBrowser.File	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib\ = "{5FD70451-714E-495A-9F17-450AEF3AA35E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell\open	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}\ProcID = "{C04F1217-2304-564B-0000-000000000000}"	uni1795887c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\WebpDecodeFilter.DLL	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.webp\PerceivedType = "image"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\QQBrowser.Protocol\DefaultIcon	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilt.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\ = "webpdecodefilter 1.0 Type Library"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

V8._85416_20150820204011.exeQQBrowser.exeQQBrowser.exeQQBrowser.exe

pid	process
2744	V8._85416_20150820204011.exe
2744	V8._85416_20150820204011.exe
2744	V8._85416_20150820204011.exe
2744	V8._85416_20150820204011.exe
2744	V8._85416_20150820204011.exe
2744	V8._85416_20150820204011.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
4828	QQBrowser.exe
2744	V8._85416_20150820204011.exe
2744	V8._85416_20150820204011.exe
3068	QQBrowser.exe
3068	QQBrowser.exe
3068	QQBrowser.exe
3068	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
3068	QQBrowser.exe
3068	QQBrowser.exe
3068	QQBrowser.exe
3068	QQBrowser.exe
3068	QQBrowser.exe
3068	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe
2412	QQBrowser.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

QQBrowser.exe

description	pid	process
Token: SeSecurityPrivilege	4044	QQBrowser.exe
Token: SeSecurityPrivilege	4044	QQBrowser.exe
Token: SeSecurityPrivilege	4044	QQBrowser.exe
Token: SeSecurityPrivilege	4044	QQBrowser.exe
Token: SeSecurityPrivilege	4044	QQBrowser.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

QQBrowser.exe

pid process

1040 QQBrowser.exe
1040 QQBrowser.exe
1040 QQBrowser.exe
1040 QQBrowser.exe
1040 QQBrowser.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

QQBrowser.exeQQBrowser.exe

pid process

396 QQBrowser.exe
396 QQBrowser.exe
1180 QQBrowser.exe

pid	process
1040	QQBrowser.exe
1040	QQBrowser.exe
1040	QQBrowser.exe
1040	QQBrowser.exe
1040	QQBrowser.exe

pid	process
396	QQBrowser.exe
396	QQBrowser.exe
1180	QQBrowser.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exeV8._85416_20150820204011.exeQQBrowser.exeQQBrowser.exe

description	pid	process	target process
PID 540 wrote to memory of 2744	540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe	V8._85416_20150820204011.exe
PID 540 wrote to memory of 2744	540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe	V8._85416_20150820204011.exe
PID 540 wrote to memory of 2744	540	569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe	V8._85416_20150820204011.exe
PID 2744 wrote to memory of 4504	2744	V8._85416_20150820204011.exe	PerfTraceService.exe
PID 2744 wrote to memory of 4504	2744	V8._85416_20150820204011.exe	PerfTraceService.exe
PID 2744 wrote to memory of 4504	2744	V8._85416_20150820204011.exe	PerfTraceService.exe
PID 2744 wrote to memory of 4420	2744	V8._85416_20150820204011.exe	regsvr32.exe
PID 2744 wrote to memory of 4420	2744	V8._85416_20150820204011.exe	regsvr32.exe
PID 2744 wrote to memory of 4420	2744	V8._85416_20150820204011.exe	regsvr32.exe
PID 2744 wrote to memory of 3972	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 3972	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 3972	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 4044	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 4044	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 4044	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 1252	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 1252	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 1252	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 3384	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 3384	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 3384	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 4972	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 4972	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 4972	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 4828	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 4828	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 4828	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 216	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 216	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 216	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 4044 wrote to memory of 1620	4044	QQBrowser.exe	regsvr32.exe
PID 4044 wrote to memory of 1620	4044	QQBrowser.exe	regsvr32.exe
PID 4044 wrote to memory of 1620	4044	QQBrowser.exe	regsvr32.exe
PID 4044 wrote to memory of 3808	4044	QQBrowser.exe	regsvr32.exe
PID 4044 wrote to memory of 3808	4044	QQBrowser.exe	regsvr32.exe
PID 4044 wrote to memory of 3808	4044	QQBrowser.exe	regsvr32.exe
PID 2744 wrote to memory of 3860	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 3860	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 3860	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 1040	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 1040	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 1040	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 1040 wrote to memory of 396	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 396	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 396	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 1580	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 1580	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 1580	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 2412	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 2412	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 2412	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 1736	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 1736	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 1736	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 1668	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 1668	1040	QQBrowser.exe	QQBrowser.exe
PID 1040 wrote to memory of 1668	1040	QQBrowser.exe	QQBrowser.exe
PID 2744 wrote to memory of 3068	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 3068	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 3068	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 1180	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 1180	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 1180	2744	V8._85416_20150820204011.exe	QQBrowser.exe
PID 2744 wrote to memory of 4416	2744	V8._85416_20150820204011.exe	QQBrowser.exe

C:\Users\Admin\AppData\Local\Temp\569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe
"C:\Users\Admin\AppData\Local\Temp\569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:540

C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\V8._85416_20150820204011.exe
V8._85416_20150820204011.exe
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2744

C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe
"C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe" -installAndRun "QQBrowser Performance Service"
3⤵
- Executes dropped EXE
PID:4504

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQBrowser\WebpDecodeFilter.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:4420

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -host=update -source=1
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:3972

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -install
3⤵
- Executes dropped EXE
- Sets file execution options in registry
- Checks computer location settings
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4044

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /u MetroLauncher32.dll
4⤵
PID:1620

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /u MetroLauncher64.dll
4⤵
PID:3808

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -installscheduletask
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
PID:1252

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -installcoexistreport -installmode=1
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
PID:4828

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -resetopenpage
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:4972

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=QQBrowserFrame.dll -updatejumplist
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3860

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -homepageimport
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:216

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -Module=QQBrowserFrame.dll -skinzipfactory
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3384

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -sc=quicklaunchpinedshortcut -fixlaunch=0
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1040

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -host=extension -scope=1040 /prefetch:5
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:396

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" "-host=tab" -scope=1040 -Cred=932 -group=0 -tid=1 -core=5 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1736

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -host=net /prefetch:4
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:1668

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -host= -Cred=2048 -scope=1040 -sc=quicklaunchpinedshortcut /prefetch:1
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2412

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" "-host=tab" -scope=1040 -Cred=932 -group=0 -core=5 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1580

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -installtxservice
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
PID:3068

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -setdefaultbrowser
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:1180

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -installreport -name=QQBrowser_Setup_Hk_85416_3638.exe -parent=569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770.exe -occupy= -occupyparent= -method=3 -result=0 -type=1 -changedir=0 -fstartup=1 -deskicon=1 -default=1 -directopen=4468 -userplan=1 -r1= -r2=
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:4416

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe"
2⤵
PID:3636

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe"
2⤵
PID:2140

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe"
2⤵
PID:228

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe"
2⤵
PID:392

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe"
2⤵
PID:1184

C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:676

C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe
"C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe" /PreventPinning "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音\卸载搜狐影音.lnk"
3⤵
PID:4516

C:\Program Files (x86)\搜狐影音\SHPlayer.exe
"C:\Program Files (x86)\搜狐影音\SHPlayer.exe"
3⤵
PID:1584

C:\Program Files (x86)\搜狐影音\SohuVA.exe
"C:\Program Files (x86)\搜狐影音\SohuVA.exe"
4⤵
PID:3408

C:\Program Files (x86)\搜狐影音\SHlive.exe
"C:\Program Files (x86)\搜狐影音\SHlive.exe"
4⤵
PID:1316

C:\Program Files (x86)\搜狐影音\SHUpdate.exe
"C:\Program Files (x86)\搜狐影音\SHUpdate.exe" /RegBHO
4⤵
PID:624

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" C:\Program Files (x86)\搜狐影音\SohuDetector.dll /s
5⤵
PID:1384

C:\Program Files (x86)\搜狐影音\SHRes.exe
"C:\Program Files (x86)\搜狐影音\SHRes.exe" /regserver
4⤵
PID:3096

C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe
"C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe" /ModifyTaskbar "C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\搜狐影音.lnk"
3⤵
PID:4684

C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe
"C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe" /ModifyMainShortcut
3⤵
PID:1668

C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe
"C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe" /TIFOX
3⤵
PID:748

C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe
"C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe" /ChangeSohuVARunToSHplayerRun
3⤵
PID:1644

C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe
"C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe" /F
3⤵
PID:3892

C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe
"C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe" /EnableAutoRun
3⤵
PID:2728

C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe
"C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe" /ReleaseSWF
3⤵
PID:2212

C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe
"C:\Program Files (x86)\搜狐影音\FileAssociationsTool.exe" /InstallSuccess 0
3⤵
PID:1444

C:\Program Files (x86)\搜狐影音\SHRes.exe
"C:\Program Files (x86)\搜狐影音\SHRes.exe" /RegServer
3⤵
PID:2016

C:\Program Files (x86)\搜狐影音\SHGameRes.exe
"C:\Program Files (x86)\搜狐影音\SHGameRes.exe" /RegServer
3⤵
PID:3096

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\搜狐影音\SoHuAutoDetector.dll"
3⤵
PID:392

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\搜狐影音\SHUploadFile.dll"
3⤵
PID:1728

C:\Program Files (x86)\搜狐影音\SHPlayer.exe
"C:\Program Files (x86)\搜狐影音\SHPlayer.exe" /auto
3⤵
PID:5384

C:\Program Files (x86)\搜狐影音\SohuVA.exe
"C:\Program Files (x86)\搜狐影音\SohuVA.exe"
3⤵
PID:5476

C:\Program Files (x86)\搜狐影音\SHPlayer.exe
"C:\Program Files (x86)\搜狐影音\SHPlayer.exe" /InstallStart
3⤵
PID:4340

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\搜狐影音\SohuDetector.dll"
3⤵
PID:1128

C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\uni1795887c.exe
uni1795887c.exe
2⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies registry class
PID:3868

C:\Users\Admin\AppData\Local\Temp\RavDown\Rising.dat
"C:\Users\Admin\AppData\Local\Temp\RavDown\Rising.dat" -eo="C:\Users\Admin\AppData\Local\Temp\RAVTmp" /silence
3⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\RAVTmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\RAVTmp\setup.exe" /S/RSDOWN
3⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\RAVTmp\rslang\langsel.exe
"C:\Users\Admin\AppData\Local\Temp\RAVTmp\rslang\langsel.exe" /install /936 /950 /1252 /SILENCE
4⤵
PID:6744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://121.40.3.130/NTY5ODE2NjA0YjM5M2Y4YmVkODNiZDFiY2I3MTdmOWExNmM2YjU3NmI0YTI1M2IwMTQwOTc1MTQ0NGM1Nzc3MC5leGU=/40.html
2⤵
PID:1824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ffaf40e46f8,0x7ffaf40e4708,0x7ffaf40e4718
3⤵
PID:964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
3⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
3⤵
PID:2292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
3⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
3⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
3⤵
PID:2384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 /prefetch:8
3⤵
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
3⤵
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
3⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5428 /prefetch:8
3⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1044 /prefetch:1
3⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1676 /prefetch:8
3⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
PID:5816

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6ec8b5460,0x7ff6ec8b5470,0x7ff6ec8b5480
4⤵
PID:5888

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1676 /prefetch:8
3⤵
PID:6876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2776190223151106304,11999172674618967004,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
3⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\kinst_1_530.exe
kinst_1_530.exe /S
2⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\KDbCIHelper.exe
"C:\Users\Admin\AppData\Local\Temp\KDbCIHelper.exe" -release
3⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\XMPSetupLite-SIjhaqws56.exe
XMPSetupLite-SIjhaqws56.exe
2⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe
"C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe" /installdir "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894" /userdata "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894" /version "5.2.18.5894" /cmdfile "C:\Users\Admin\AppData\Local\Temp\XMPDC75.tmp"
3⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe
"C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe" /installdir "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894" /userdata "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894" /version "5.2.18.5894" /cmdfile "C:\Users\Admin\AppData\Local\Temp\XMPED9D.tmp"
3⤵
PID:4444

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ShlExt_x64.dll" /s
4⤵
PID:5516

C:\Windows\system32\regsvr32.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ShlExt_x64.dll" /s
5⤵
PID:5612

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\VideoUrlSniffer.dll" /s
4⤵
PID:6964

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\UserAgent.dll" /s
4⤵
PID:6452

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\xlnpDapCtrl.dll" /s
4⤵
PID:6480

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\DapCtrl.dll" /s
4⤵
PID:5892

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\DapCtrl64.dll" /s
4⤵
PID:2212

C:\Windows\system32\regsvr32.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\DapCtrl64.dll" /s
5⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe
"C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe" /installdir "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894" /userdata "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894" /version "5.2.18.5894" /cmdfile "C:\Users\Admin\AppData\Local\Temp\XMPED9E.tmp"
3⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpPusherSetup.exe
"C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpPusherSetup.exe" /S /write /xmpsupport "XmpSetupLite"
4⤵
PID:6032

C:\PROGRA~2\THUNDE~1\XMP\V5218~1.589\Bin\ThunderFW.exe
"C:\PROGRA~2\THUNDE~1\XMP\V5218~1.589\Bin\ThunderFW.exe" "XmpTipWnd" "C:\Users\Public\Thunder Network\Pusher\Pusher\XmpTipWnd.1.0.0.99.exe"
5⤵
PID:6836

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Public\Thunder Network\Pusher\Pusher\xappex.1.1.1.99.dll"
5⤵
PID:6904

C:\Windows\system32\regsvr32.exe
/s "C:\Users\Public\Thunder Network\Pusher\Pusher\xappex.1.1.1.99.dll"
6⤵
PID:7012

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="DownloadSDKServer" dir=in action=allow program="C:\Users\Public\Thunder Network\Pusher\Pusher\TP\DownloadSDKServer.exe" enable=yes
5⤵
- Modifies Windows Firewall
PID:5208

C:\PROGRA~2\THUNDE~1\XMP\V5218~1.589\Bin\ThunderFW.exe
"C:\PROGRA~2\THUNDE~1\XMP\V5218~1.589\Bin\ThunderFW.exe" "DownloadSDKServer" "C:\Users\Public\Thunder Network\Pusher\Pusher\TP\DownloadSDKServer.exe"
5⤵
PID:6200

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "迅雷影音" "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\XMP.exe"
3⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe
"C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe" /installdir "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894" /userdata "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894" /version "5.2.18.5894" /cmdfile "C:\Users\Admin\AppData\Local\Temp\XMP5513.tmp"
3⤵
PID:2988

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "XLLiveUD" "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\XLLiveUD.exe"
3⤵
PID:5176

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "XLBugReport" "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\XLBugReport.exe"
3⤵
PID:5332

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "迅雷下载服务" "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\TP\DownloadSDKServer.exe"
3⤵
PID:5436

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "APlayer" "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\APlayer.exe"
3⤵
PID:5496

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "XLLiveUD" "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\XLLiveUD.exe"
3⤵
PID:5524

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "aapt" "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\aapt.exe"
3⤵
PID:5556

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "adb" "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\adb.exe"
3⤵
PID:5584

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "DPInstX64" "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\DPInstX64.exe"
3⤵
PID:5632

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "InstallDriver" "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\InstallDriver.exe"
3⤵
PID:5724

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "PreInstall" "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\PreInstall.exe"
3⤵
PID:5796

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "DPInst" "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\DPInst.exe"
3⤵
PID:5916

C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe
"C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\ThunderFW.exe" "XLLiveUD" "C:\Users\Admin\AppData\Local\Temp\xlliveud\xmp_5.2.18.5894\XLLiveUD.exe"
3⤵
PID:6008

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="迅雷影音" dir=in action=allow program="C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\XMP.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:6088

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="XLLiveUD" dir=in action=allow program="C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\XLLiveUD.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:6124

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="APlayer" dir=in action=allow program="C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\APlayer.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:1436

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="迅雷下载服务" dir=in action=allow program="C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\TP\DownloadSDKServer.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:1408

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="XLBugReport" dir=in action=allow program="C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894\Bin\XLBugReport.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:1652

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="XLLiveUD" dir=in action=allow program="C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\XLLiveUD.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:2596

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="aapt" dir=in action=allow program="C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\aapt.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:5380

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="DPInstX64" dir=in action=allow program="C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\DPInstX64.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:5544

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="InstallDriver" dir=in action=allow program="C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\InstallDriver.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:5440

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="adb" dir=in action=allow program="C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\adb.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:4784

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="DPInst" dir=in action=allow program="C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\DPInst.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:5728

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="PreInstall" dir=in action=allow program="C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\PreInstall.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:5808

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="XLLiveUD" dir=in action=allow program="C:\Users\Admin\AppData\Local\Temp\xlliveud\xmp_5.2.18.5894\XLLiveUD.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:5688

C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe
"C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe" /installdir "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894" /userdata "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894" /version "5.2.18.5894" /cmdfile "C:\Users\Admin\AppData\Local\Temp\XMP7A5F.tmp"
3⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\XMPSvc\XMPServiceHelper.exe
"C:\Users\Admin\AppData\Local\Temp\XMPSvc\XMPServiceHelper.exe" /install
3⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe
"C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe" /installdir "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894" /userdata "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894" /version "5.2.18.5894" /cmdfile "C:\Users\Admin\AppData\Local\Temp\XMP808A.tmp"
3⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe
"C:\Users\Admin\AppData\Local\Temp\XMPSetupLite-SIjhaqws56\5.2.18.5894\XmpSetupAgent.exe" /installdir "C:\Program Files (x86)\Thunder Network\XMP\V5.2.18.5894" /userdata "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894" /version "5.2.18.5894" /cmdfile "C:\Users\Admin\AppData\Local\Temp\XMP81C4.tmp"
3⤵
PID:6596

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" "C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\XMediaLibrary64.dll" /s
4⤵
PID:7124

C:\Windows\system32\regsvr32.exe
"C:\Users\Public\Thunder Network\XMP5\V5.2.18.5894\Program\XMediaLibrary64.dll" /s
5⤵
PID:628

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\[email protected]" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\[email protected]"
2⤵
PID:5876

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\[email protected]" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\[email protected]"
2⤵
PID:6428

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\[email protected]" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\[email protected]"
2⤵
PID:3620

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\[email protected]" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\[email protected]"
2⤵
PID:6012

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\[email protected]" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\[email protected]"
2⤵
PID:476

C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\[email protected]
[email protected]
2⤵
PID:4496

C:\Windows\SysWOW64\sc.exe
sc stop QiyiService
3⤵
- Launches sc.exe
PID:4560

C:\Windows\SysWOW64\sc.exe
sc delete QiyiService
3⤵
- Launches sc.exe
PID:1660

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\yx_lyb.exe" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\yx_lyb.exe"
2⤵
PID:4184

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\yx_lyb.exe" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\yx_lyb.exe"
2⤵
PID:6476

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\yx_lyb.exe" + "C:\Windows\Fonts\arial.ttf" "C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\yx_lyb.exe"
2⤵
PID:6356

C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe
"C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe"
1⤵
- Executes dropped EXE
PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

C:\Program Files (x86)\搜狐影音\SHRes.exe
"C:\Program Files (x86)\搜狐影音\SHRes.exe" -Embedding
1⤵
PID:3424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
1⤵
PID:6636

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k XMPService -s XMPService
1⤵
PID:7028

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Impair Defenses

T1562

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBExtensionFramework.dll
Filesize
540KB

MD5
88f2d2382cce7ec315ca6860ff0c4075

SHA1
07eea3f61e2fa2d47682217b505d163f7f36fc9d

SHA256
b2c6d93708c33068fe61c0b3733ec697b179d18fba79dfcbc6eacb716fc81d45

SHA512
43bc572f67181ae5fbf26828cfdb82bd1867a69a2f74fb03346bb69cfda8d8fb2b834521bf86918c663df223bd721d1cc3837ebc8e3c164fde3f5dca92d71779

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowserFrame.dll
Filesize
1.6MB

MD5
68eb386277ed0c2e4a13b6c5731f236e

SHA1
c831285069732bc3578a508052ce5e8723aac582

SHA256
84ef4e2ec7265038cb82c4a4ee149e394c1a66b7f84853130fba167965d09f2a

SHA512
6f9f76da55a863f6c817322b66c658492fc7d01a60673c7d622dc14baf2c6524f4fba4911c8b1419203f8ffc72c757c272001bf0fe67515411eaf2e9df035381

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowserFrame.dll
Filesize
1.6MB

MD5
68eb386277ed0c2e4a13b6c5731f236e

SHA1
c831285069732bc3578a508052ce5e8723aac582

SHA256
84ef4e2ec7265038cb82c4a4ee149e394c1a66b7f84853130fba167965d09f2a

SHA512
6f9f76da55a863f6c817322b66c658492fc7d01a60673c7d622dc14baf2c6524f4fba4911c8b1419203f8ffc72c757c272001bf0fe67515411eaf2e9df035381

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowserFrame.dll
Filesize
1.6MB

MD5
68eb386277ed0c2e4a13b6c5731f236e

SHA1
c831285069732bc3578a508052ce5e8723aac582

SHA256
84ef4e2ec7265038cb82c4a4ee149e394c1a66b7f84853130fba167965d09f2a

SHA512
6f9f76da55a863f6c817322b66c658492fc7d01a60673c7d622dc14baf2c6524f4fba4911c8b1419203f8ffc72c757c272001bf0fe67515411eaf2e9df035381

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowserFrame.dll
Filesize
1.6MB

MD5
68eb386277ed0c2e4a13b6c5731f236e

SHA1
c831285069732bc3578a508052ce5e8723aac582

SHA256
84ef4e2ec7265038cb82c4a4ee149e394c1a66b7f84853130fba167965d09f2a

SHA512
6f9f76da55a863f6c817322b66c658492fc7d01a60673c7d622dc14baf2c6524f4fba4911c8b1419203f8ffc72c757c272001bf0fe67515411eaf2e9df035381

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe
Filesize
272KB

MD5
1b47580cce6db40a3f389ebd6250795f

SHA1
951ced03a17e826df41cd2314bb5079ba7fc74e3

SHA256
f2adc20c2fa2e5fa02fda7469b6ac15a623f3cd098343198f54156f219716a7c

SHA512
c864cbce5bbd7cccb8bec1e724fd884b053ff0ba3080d14a0afacc5cd55b9866f37cddc1a1d62cfb6fdca9a068663e2fff5c5ad32c3d55da49cca633606646e5

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\Skin\LightStripes.gt
Filesize
92KB

MD5
3392ddb4180f8142e92da3d58fea803f

SHA1
84735708fa47056106c149407ea12abe27f6a138

SHA256
fe7583042a86428eacb57cc27ad6134610308166995811e0d44de06b7d216b72

SHA512
7212ad691a1b390d81539a28ad87ea3363e0b73b28a74412eab37392a3e0b487d103f557b4768caecc98a35a3281843f92a523b77b92acd01b3ffd6406ad6f3a

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\WebpDecodeFilter.dll
Filesize
135KB

MD5
12650137ef731c4f2967bd670287e357

SHA1
2386ffa665080bea8c36075992a9e236c0e54105

SHA256
7e9320481129c168c87200c1bcbc2d793046bd40d42cd198e3b610a0f08c48f1

SHA512
968b9430b29c6520633cdf91ec3a7773d4da637d53c565db213c0a0f76b4316948457d4567cdecee8b4e96c2e106e167fc9a3c94ceb0a14da2dd442734e89c03

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\WebpDecodeFilter.dll
Filesize
135KB

MD5
12650137ef731c4f2967bd670287e357

SHA1
2386ffa665080bea8c36075992a9e236c0e54105

SHA256
7e9320481129c168c87200c1bcbc2d793046bd40d42cd198e3b610a0f08c48f1

SHA512
968b9430b29c6520633cdf91ec3a7773d4da637d53c565db213c0a0f76b4316948457d4567cdecee8b4e96c2e106e167fc9a3c94ceb0a14da2dd442734e89c03

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\dr.dll
Filesize
81KB

MD5
699f0052d0c959f1a5b7c3926cce11fa

SHA1
1f5084eacdd96553831899771fc433270c852196

SHA256
3e1f7276df5e11b20250186682464782a40f902bcc44b44e0956348921d027c8

SHA512
54d1adf7b8bf0325b10e50d34787cdf3d2cd219c2a19e8ab74f4283a55dd8ebb6910c71141449107494e2ded4452ebf6c973e3ec022b67a2da175691a1d0cc5c

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\dr.dll
Filesize
81KB

MD5
699f0052d0c959f1a5b7c3926cce11fa

SHA1
1f5084eacdd96553831899771fc433270c852196

SHA256
3e1f7276df5e11b20250186682464782a40f902bcc44b44e0956348921d027c8

SHA512
54d1adf7b8bf0325b10e50d34787cdf3d2cd219c2a19e8ab74f4283a55dd8ebb6910c71141449107494e2ded4452ebf6c973e3ec022b67a2da175691a1d0cc5c

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\service\PerfTraceService.exe
Filesize
272KB

MD5
1b47580cce6db40a3f389ebd6250795f

SHA1
951ced03a17e826df41cd2314bb5079ba7fc74e3

SHA256
f2adc20c2fa2e5fa02fda7469b6ac15a623f3cd098343198f54156f219716a7c

SHA512
c864cbce5bbd7cccb8bec1e724fd884b053ff0ba3080d14a0afacc5cd55b9866f37cddc1a1d62cfb6fdca9a068663e2fff5c5ad32c3d55da49cca633606646e5

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\service\PerfTraceService.exe
Filesize
272KB

MD5
1b47580cce6db40a3f389ebd6250795f

SHA1
951ced03a17e826df41cd2314bb5079ba7fc74e3

SHA256
f2adc20c2fa2e5fa02fda7469b6ac15a623f3cd098343198f54156f219716a7c

SHA512
c864cbce5bbd7cccb8bec1e724fd884b053ff0ba3080d14a0afacc5cd55b9866f37cddc1a1d62cfb6fdca9a068663e2fff5c5ad32c3d55da49cca633606646e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\12aue573c3e\QBInstaller.dll
Filesize
622KB

MD5
ce9341acc89b84af512afa5b68c7c0b0

SHA1
c63900266799e535374166f2837667da1a85a500

SHA256
beb45eb024534ac0970e6d9455a9d0c27d9a24aa11364ec023cd6c09339aa467

SHA512
8c1e5ff28a557c4e6acf2393394ebba43123af1dafeca5e04e55b54805dacd215d23198fa4aaf6de8378ce398aaeb578170958dcd33840a8851e031a0b3756fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\Base64.dll
Filesize
4KB

MD5
f0e3845fefd227d7f1101850410ec849

SHA1
3067203fafd4237be0c186ddab7029dfcbdfb53e

SHA256
7c688940e73022bf526f07cc922a631a1b1db78a19439af6bafbff2a3b46d554

SHA512
584ae5a0d1c1639ba4e2187d0c8a0ac7e54c0be0a266029c4689d81c0c64a7f80e7d918da0df5c6344f9f7a114f30d8f2feda253b29e813bae086604731a3d8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\Base64.dll
Filesize
4KB

MD5
f0e3845fefd227d7f1101850410ec849

SHA1
3067203fafd4237be0c186ddab7029dfcbdfb53e

SHA256
7c688940e73022bf526f07cc922a631a1b1db78a19439af6bafbff2a3b46d554

SHA512
584ae5a0d1c1639ba4e2187d0c8a0ac7e54c0be0a266029c4689d81c0c64a7f80e7d918da0df5c6344f9f7a114f30d8f2feda253b29e813bae086604731a3d8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\Inetc.dll
Filesize
20KB

MD5
50fdadda3e993688401f6f1108fabdb4

SHA1
04a9ae55d0fb726be49809582cea41d75bf22a9a

SHA256
6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6

SHA512
e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\Inetc.dll
Filesize
20KB

MD5
50fdadda3e993688401f6f1108fabdb4

SHA1
04a9ae55d0fb726be49809582cea41d75bf22a9a

SHA256
6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6

SHA512
e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\NSISdl.dll
Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\NSISdl.dll
Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\System.dll
Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\V8._85416_20150820204011.exe
Filesize
4.9MB

MD5
3c4c8edac2cd495654fa87ffeefb77ce

SHA1
35d3ffb6b8e12ca3efc1a99957fd1e31ad40d998

SHA256
6e7903668f26e1efd1bde8875682d0016bf48382d38576f3c5cdb01c56f9f61e

SHA512
a4cccdd4fcb72ad5fed7f7b663481c7d81f0436d69c9c85da90d4cc59dbb7e702e1fe01fdd7431976f9725ecd7a7c40c2fe2752b0bb03ea19f13a241cb488d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\V8._85416_20150820204011.exe
Filesize
4.9MB

MD5
3c4c8edac2cd495654fa87ffeefb77ce

SHA1
35d3ffb6b8e12ca3efc1a99957fd1e31ad40d998

SHA256
6e7903668f26e1efd1bde8875682d0016bf48382d38576f3c5cdb01c56f9f61e

SHA512
a4cccdd4fcb72ad5fed7f7b663481c7d81f0436d69c9c85da90d4cc59dbb7e702e1fe01fdd7431976f9725ecd7a7c40c2fe2752b0bb03ea19f13a241cb488d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\ZipDLL.dll
Filesize
163KB

MD5
2dc35ddcabcb2b24919b9afae4ec3091

SHA1
9eeed33c3abc656353a7ebd1c66af38cccadd939

SHA256
6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1

SHA512
0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\ZipDLL.dll
Filesize
163KB

MD5
2dc35ddcabcb2b24919b9afae4ec3091

SHA1
9eeed33c3abc656353a7ebd1c66af38cccadd939

SHA256
6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1

SHA512
0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\nsRandom.dll
Filesize
21KB

MD5
ab467b8dfaa660a0f0e5b26e28af5735

SHA1
596abd2c31eaff3479edf2069db1c155b59ce74d

SHA256
db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

SHA512
7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyDDD4.tmp\nsRandom.dll
Filesize
21KB

MD5
ab467b8dfaa660a0f0e5b26e28af5735

SHA1
596abd2c31eaff3479edf2069db1c155b59ce74d

SHA256
db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

SHA512
7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\QQBrowser\DB\homepage.db
Filesize
3KB

MD5
d0e7295144a4af0f9ffb401ac44a740e

SHA1
a4d164ace9e1269aa81f17340347050635e04a43

SHA256
e31a32bffc11cbdb3579a1eb3f6794bbd39c5fabd15b0151a5fd4c68d878c328

SHA512
065c79a0de85cc1406879113b9e9a14e31680e1c69a27ae2e8c2719a2fff58c8bf5fb62ae54229ddac417b3abf90fd1c471cbb84330a00506e840bbbf7850358

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\QQBrowser\InstModules\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\QQBrowser\InstModules\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\QQBrowser\InstModules\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
memory/216-300-0x0000000000000000-mapping.dmp

Download
memory/216-204-0x0000000000000000-mapping.dmp

Download
memory/228-266-0x0000000000000000-mapping.dmp

Download
memory/392-337-0x0000000000000000-mapping.dmp

Download
memory/392-267-0x0000000000000000-mapping.dmp

Download
memory/396-239-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/396-233-0x0000000000000000-mapping.dmp

Download
memory/396-241-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/396-238-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/540-142-0x0000000002290000-0x00000000022A2000-memory.dmp

Filesize
72KB

Download
memory/540-235-0x0000000002290000-0x00000000022A2000-memory.dmp

Filesize
72KB

Download
memory/540-275-0x0000000003F51000-0x0000000003F54000-memory.dmp

Filesize
12KB

Download
memory/540-133-0x0000000002291000-0x0000000002294000-memory.dmp

Filesize
12KB

Download
memory/540-293-0x00000000024A1000-0x00000000024A4000-memory.dmp

Filesize
12KB

Download
memory/540-140-0x0000000002291000-0x0000000002294000-memory.dmp

Filesize
12KB

Download
memory/540-141-0x0000000002290000-0x00000000022A2000-memory.dmp

Filesize
72KB

Download
memory/540-236-0x0000000002290000-0x00000000022A2000-memory.dmp

Filesize
72KB

Download
memory/540-304-0x0000000000761000-0x0000000000764000-memory.dmp

Filesize
12KB

Download
memory/624-325-0x0000000000000000-mapping.dmp

Download
memory/676-269-0x0000000000000000-mapping.dmp

Download
memory/748-328-0x0000000000000000-mapping.dmp

Download
memory/840-311-0x0000000000000000-mapping.dmp

Download
memory/964-277-0x0000000000000000-mapping.dmp

Download
memory/1040-232-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1040-234-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1040-225-0x0000000000000000-mapping.dmp

Download
memory/1040-229-0x000000006FFE0000-0x000000006FFF0000-memory.dmp

Filesize
64KB

Download
memory/1040-231-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1040-230-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1180-255-0x0000000000000000-mapping.dmp

Download
memory/1184-268-0x0000000000000000-mapping.dmp

Download
memory/1252-177-0x0000000000000000-mapping.dmp

Download
memory/1316-308-0x0000000000000000-mapping.dmp

Download
memory/1444-332-0x0000000000000000-mapping.dmp

Download
memory/1580-240-0x0000000000000000-mapping.dmp

Download
memory/1584-510-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-427-0x000000006C410000-0x000000006CFCE000-memory.dmp

Filesize
11.7MB

Download
memory/1584-592-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-588-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-518-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-586-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-584-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-582-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-516-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-577-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-514-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-487-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-573-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-512-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-571-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-524-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-508-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-569-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-506-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-567-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-503-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-565-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-563-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-561-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-554-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-558-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-301-0x0000000000000000-mapping.dmp

Download
memory/1584-556-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-500-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-551-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-305-0x0000000036580000-0x0000000036590000-memory.dmp

Filesize
64KB

Download
memory/1584-498-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-495-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-493-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-491-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-489-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-549-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-485-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-483-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-481-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-547-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-479-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-545-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-464-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-448-0x000000006C410000-0x000000006CFCE000-memory.dmp

Filesize
11.7MB

Download
memory/1584-543-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-432-0x000000006C410000-0x000000006CFCE000-memory.dmp

Filesize
11.7MB

Download
memory/1584-520-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-527-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-530-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-534-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-536-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-541-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-579-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1584-539-0x000000006E120000-0x000000006E275000-memory.dmp

Filesize
1.3MB

Download
memory/1620-217-0x0000000000000000-mapping.dmp

Download
memory/1644-330-0x0000000000000000-mapping.dmp

Download
memory/1668-244-0x0000000000000000-mapping.dmp

Download
memory/1668-321-0x0000000000000000-mapping.dmp

Download
memory/1728-341-0x0000000000000000-mapping.dmp

Download
memory/1736-243-0x0000000000000000-mapping.dmp

Download
memory/1824-274-0x0000000000000000-mapping.dmp

Download
memory/2016-333-0x0000000000000000-mapping.dmp

Download
memory/2140-265-0x0000000000000000-mapping.dmp

Download
memory/2212-331-0x0000000000000000-mapping.dmp

Download
memory/2292-280-0x0000000000000000-mapping.dmp

Download
memory/2384-286-0x0000000000000000-mapping.dmp

Download
memory/2412-242-0x0000000000000000-mapping.dmp

Download
memory/2728-317-0x0000000000000000-mapping.dmp

Download
memory/2744-147-0x0000000000000000-mapping.dmp

Download
memory/2784-282-0x0000000000000000-mapping.dmp

Download
memory/3068-248-0x0000000000000000-mapping.dmp

Download
memory/3096-334-0x0000000000000000-mapping.dmp

Download
memory/3096-327-0x0000000036580000-0x0000000036590000-memory.dmp

Filesize
64KB

Download
memory/3096-324-0x0000000000000000-mapping.dmp

Download
memory/3144-292-0x0000000000000000-mapping.dmp

Download
memory/3176-312-0x0000000005040000-0x0000000005100000-memory.dmp

Filesize
768KB

Download
memory/3176-318-0x0000000005460000-0x000000000554D000-memory.dmp

Filesize
948KB

Download
memory/3176-310-0x0000000019170000-0x000000001925F000-memory.dmp

Filesize
956KB

Download
memory/3176-315-0x0000000005110000-0x0000000005386000-memory.dmp

Filesize
2.5MB

Download
memory/3176-303-0x0000000000000000-mapping.dmp

Download
memory/3176-322-0x0000000005C20000-0x0000000005D4C000-memory.dmp

Filesize
1.2MB

Download
memory/3176-343-0x0000000003E70000-0x0000000003ED1000-memory.dmp

Filesize
388KB

Download
memory/3176-307-0x0000000004FF0000-0x000000000502F000-memory.dmp

Filesize
252KB

Download
memory/3176-347-0x0000000006300000-0x0000000006361000-memory.dmp

Filesize
388KB

Download
memory/3176-352-0x0000000019170000-0x000000001925F000-memory.dmp

Filesize
956KB

Download
memory/3176-320-0x0000000036B10000-0x0000000036B20000-memory.dmp

Filesize
64KB

Download
memory/3176-340-0x0000000007950000-0x0000000007B05000-memory.dmp

Filesize
1.7MB

Download
memory/3176-338-0x0000000007340000-0x00000000074F5000-memory.dmp

Filesize
1.7MB

Download
memory/3384-181-0x0000000000000000-mapping.dmp

Download
memory/3408-306-0x0000000000000000-mapping.dmp

Download
memory/3540-279-0x0000000000000000-mapping.dmp

Download
memory/3636-264-0x0000000000000000-mapping.dmp

Download
memory/3808-218-0x0000000000000000-mapping.dmp

Download
memory/3860-219-0x0000000000000000-mapping.dmp

Download
memory/3868-302-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/3868-276-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/3868-273-0x0000000000000000-mapping.dmp

Download
memory/3892-326-0x0000000000000000-mapping.dmp

Download
memory/3972-169-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/3972-171-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/3972-160-0x0000000000000000-mapping.dmp

Download
memory/4044-170-0x0000000000000000-mapping.dmp

Download
memory/4292-329-0x0000000000000000-mapping.dmp

Download
memory/4416-256-0x0000000000000000-mapping.dmp

Download
memory/4420-156-0x0000000000000000-mapping.dmp

Download
memory/4444-339-0x0000000000000000-mapping.dmp

Download
memory/4484-342-0x0000000010000000-0x000000001019D000-memory.dmp

Filesize
1.6MB

Download
memory/4484-359-0x0000000010000000-0x000000001019D000-memory.dmp

Filesize
1.6MB

Download
memory/4484-289-0x0000000000000000-mapping.dmp

Download
memory/4504-153-0x0000000000000000-mapping.dmp

Download
memory/4516-294-0x0000000000000000-mapping.dmp

Download
memory/4636-298-0x0000000000000000-mapping.dmp

Download
memory/4684-314-0x0000000000000000-mapping.dmp

Download
memory/4688-346-0x0000000000000000-mapping.dmp

Download
memory/4828-193-0x0000000000000000-mapping.dmp

Download
memory/4852-284-0x0000000000000000-mapping.dmp

Download
memory/4972-186-0x0000000000000000-mapping.dmp

Download
memory/4980-296-0x0000000000000000-mapping.dmp

Download
memory/6452-378-0x0000000019170000-0x000000001925F000-memory.dmp

Filesize
956KB

Download