5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526

Analysis

max time kernel
67s
max time network
141s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
25-07-2022 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe
Size

2.8MB
MD5

5258c6b0da9f2e14626882430b0e93fb
SHA1

13e5a003ae1bad501cfe747e142aa09c2069126f
SHA256

5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526
SHA512

a2257069b036a5ef9b084f9a58d565a5b4e577fe170a5fdf98f7fbfe158af86b4ecad3569c8b7b423fd646e7dfcaf9ef77dba44ad987653bec12913abf03661f

Score

8^/10

bootkit discovery evasion persistence upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 15 IoCs

Processes:

V8._85416_20150820204011.exePerfTraceService.exePerfTraceService.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeBaiduPlayer5SetupSilent_359.exe

pid	process
428	V8._85416_20150820204011.exe
1700	PerfTraceService.exe
1776	PerfTraceService.exe
1548	QQBrowser.exe
296	QQBrowser.exe
1620	QQBrowser.exe
1616	QQBrowser.exe
2028	QQBrowser.exe
1592	QQBrowser.exe
1140	QQBrowser.exe
1624	QQBrowser.exe
1780	QQBrowser.exe
916	QQBrowser.exe
1496	QQBrowser.exe
1640	BaiduPlayer5SetupSilent_359.exe

Modifies Windows Firewall 1 TTPs 2 IoCs
evasion

Modify Existing Service
T1031

Processes:

netsh.exenetsh.exe

pid process

940 netsh.exe
1680 netsh.exe

pid	process
940	netsh.exe
1680	netsh.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

QQBrowser.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe	QQBrowser.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe\DisableExceptionChainValidation = "0"	QQBrowser.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1680-196-0x0000000000400000-0x000000000044D000-memory.dmp	upx

Loads dropped DLL 64 IoCs

Processes:

5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exeV8._85416_20150820204011.exeregsvr32.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exe

pid	process
896	5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe
896	5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe
896	5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe
896	5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe
896	5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe
896	5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
768	regsvr32.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
1548	QQBrowser.exe
1548	QQBrowser.exe
428	V8._85416_20150820204011.exe
296	QQBrowser.exe
296	QQBrowser.exe
1620	QQBrowser.exe
1620	QQBrowser.exe
1616	QQBrowser.exe
1616	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
1592	QQBrowser.exe
1592	QQBrowser.exe
1616	QQBrowser.exe
1592	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
1140	QQBrowser.exe
1140	QQBrowser.exe
1140	QQBrowser.exe
1624	QQBrowser.exe
1624	QQBrowser.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
1780	QQBrowser.exe
1780	QQBrowser.exe
1780	QQBrowser.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 9 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

QQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exeQQBrowser.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe
File opened for modification	\??\PhysicalDrive0	QQBrowser.exe

Drops file in Program Files directory 64 IoCs

Processes:

V8._85416_20150820204011.exe

description	ioc	process
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\small_installed_arrow.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Downloader.dll	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\history\img\	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank_ie.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\app.ico	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\history.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\addressbar_white.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active_ie.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\images\searchlogo_24_google.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\lib\ycalendar.js	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\history\img\atbk2.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin_hover.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Resource.dll	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\uninstallBtn.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\private.html	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\favicon\index.html#app.ico	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\close.png	V8._85416_20150820204011.exe
File opened for modification	C:\Program Files (x86)\Tencent\QQ\ExtraInfo.ini	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Infobar\css\base.css	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\skin\DarkStripes.gt	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\history\img\del2.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\app.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Dialogs.dll	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\EventTracing.dll	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Infobar\image\infobar_fav.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\index.html	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\css\	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\images\shadow-bottom.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\app.js	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\plugin3.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\css\ycalendar.css	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\error.html	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\lib\jquery.min.js	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_ie.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\picker_floor_hover.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_white.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\images\searchlogo_24_bing.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\images\searchlogo_24_sogou.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\account.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\dock_video_hover.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_unlocked.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\QQBrowserSecurityCenter.exe	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\default-icon.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\index.html	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\favicon\	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\history\img\checkbox.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active_ie.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\site_text.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\images\pixel.gif	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\images\searchlogo_24_soso.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\history\img\del.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\js\	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\quickaccess\js\search.js	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\history\img\closeBtnSearchbar.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_blank.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin_active.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\QBExtensionFramework.dll	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\certerror.html	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_close_btn.png	V8._85416_20150820204011.exe
File created	C:\Program Files (x86)\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil.png	V8._85416_20150820204011.exe

Drops file in Windows directory 2 IoCs

Processes:

QQBrowser.exe

description	ioc	process
File created	C:\Windows\Tasks\QQBrowser Udpater Task.job	QQBrowser.exe
File created	C:\Windows\Tasks\QQBrowser Udpater Task(Core).job	QQBrowser.exe

Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exe

pid process

1120 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
1120	sc.exe

Modifies registry class 64 IoCs

Processes:

PlayerApp.exeQQBrowser.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.rpm	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pss\OpenWithProgids	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.tp\DefaultIcon	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.wmp\DefaultIcon	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.asf\BDPlayer.bak = "VLC.asf"	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.m2t\shell\open\command	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.pva\shell\open\command	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.rt\DefaultIcon\ = "C:\\Program Files (x86)\\baidu\\BDPlayer\\5.1.1.9\\res\\icon\\Player.ico"	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.rmvb\shell\open\command\ = "C:\\Program Files (x86)\\baidu\\BDPlayer\\5.1.1.9\\BDPlayer.exe --from=shell --url=\"%1\""	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.m1v	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mpeg\BDPlayer.bak = "VLC.mpeg"	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilt.1\ = "WebpImageDecodeFilter Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rp\ = "BDPlayer.rp"	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.dat\shell	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.m2p	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.tpr\	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib\ = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.wmp\shell\open\ = "用百度影音5 打开(&P)"	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.smil\	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.mpeg\shell\open\command	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tpr\OpenWithProgids	PlayerApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Tencent.QQBrowser.Default\.exe	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.wm\shell\open\ = "用百度影音5 打开(&P)"	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.wmp\shell\open	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rm\ = "BDPlayer.rm"	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.m2ts\shell\open\command	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.wm	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.rp\shell\open\ = "用百度影音5 打开(&P)"	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.rmvb	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.mp2v\shell\open\ = "用百度影音5 打开(&P)"	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.tpr\DefaultIcon	PlayerApp.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.avi\OpenWithProgIds\BDPlayer.exe	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.wm\OpenWithProgIds\BDPlayer.exe	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rpm	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.smil\DefaultIcon\ = "C:\\Program Files (x86)\\baidu\\BDPlayer\\5.1.1.9\\res\\icon\\Player.ico"	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tp	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.rpm\shell\open\command	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.rt\shell\open\ = "用百度影音5 打开(&P)"	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rmvb	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dat	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mpe\OpenWithProgIds\BDPlayer.exe	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.rp\DefaultIcon	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.m2v\	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" -- \"%1\""	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.rp\shell\open\command	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rpm\ = "BDPlayer.rpm"	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.rmvb\shell\open\command	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rmvb\BDPlayer.bak = "VLC.rmvb"	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pss\OpenWithProgids\BDPlayer.exe	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell\ = "open"	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe	QQBrowser.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.avi\DefaultIcon\ = "C:\\Program Files (x86)\\baidu\\BDPlayer\\5.1.1.9\\res\\icon\\avi.ico"	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.smi	PlayerApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.smi\shell\open\command\ = "C:\\Program Files (x86)\\baidu\\BDPlayer\\5.1.1.9\\BDPlayer.exe --from=shell --url=\"%1\""	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.m2p\ = "BDPlayer.m2p"	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.rpm\DefaultIcon	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.mpv2\shell	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BDPlayer.mpv2\shell\open\command	PlayerApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A629F59C-66C9-4775-901A-A017530E3958}	regsvr32.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

QQBrowser.exeV8._85416_20150820204011.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	QQBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	V8._85416_20150820204011.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	V8._85416_20150820204011.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	QQBrowser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	QQBrowser.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

Processes:

V8._85416_20150820204011.exeQQBrowser.exeQQBrowser.exeQQBrowser.exe

pid	process
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
296	QQBrowser.exe
296	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
2028	QQBrowser.exe
428	V8._85416_20150820204011.exe
428	V8._85416_20150820204011.exe
1780	QQBrowser.exe
1780	QQBrowser.exe
1780	QQBrowser.exe
1780	QQBrowser.exe
1780	QQBrowser.exe
1780	QQBrowser.exe
1780	QQBrowser.exe
1780	QQBrowser.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

QQBrowser.exe

description	pid	process
Token: SeSecurityPrivilege	296	QQBrowser.exe
Token: SeSecurityPrivilege	296	QQBrowser.exe
Token: SeSecurityPrivilege	296	QQBrowser.exe
Token: SeSecurityPrivilege	296	QQBrowser.exe
Token: SeSecurityPrivilege	296	QQBrowser.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

BDPlayerTray.exe

pid process

1636 BDPlayerTray.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

BDPlayerTray.exe

pid process

1636 BDPlayerTray.exe

pid	process
1636	BDPlayerTray.exe

pid	process
1636	BDPlayerTray.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exeV8._85416_20150820204011.exe

description	pid	process	target process
PID 896 wrote to memory of 428	896	5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe	V8._85416_20150820204011.exe
PID 896 wrote to memory of 428	896	5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe	V8._85416_20150820204011.exe
PID 896 wrote to memory of 428	896	5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe	V8._85416_20150820204011.exe
PID 896 wrote to memory of 428	896	5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe	V8._85416_20150820204011.exe
PID 428 wrote to memory of 1700	428	V8._85416_20150820204011.exe	PerfTraceService.exe
PID 428 wrote to memory of 1700	428	V8._85416_20150820204011.exe	PerfTraceService.exe
PID 428 wrote to memory of 1700	428	V8._85416_20150820204011.exe	PerfTraceService.exe
PID 428 wrote to memory of 1700	428	V8._85416_20150820204011.exe	PerfTraceService.exe
PID 428 wrote to memory of 768	428	V8._85416_20150820204011.exe	regsvr32.exe
PID 428 wrote to memory of 768	428	V8._85416_20150820204011.exe	regsvr32.exe
PID 428 wrote to memory of 768	428	V8._85416_20150820204011.exe	regsvr32.exe
PID 428 wrote to memory of 768	428	V8._85416_20150820204011.exe	regsvr32.exe
PID 428 wrote to memory of 768	428	V8._85416_20150820204011.exe	regsvr32.exe
PID 428 wrote to memory of 768	428	V8._85416_20150820204011.exe	regsvr32.exe
PID 428 wrote to memory of 768	428	V8._85416_20150820204011.exe	regsvr32.exe
PID 428 wrote to memory of 1548	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1548	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1548	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1548	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 296	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 296	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 296	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 296	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1616	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1616	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1616	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1616	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1620	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1620	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1620	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1620	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 2028	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 2028	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 2028	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 2028	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1592	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1592	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1592	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1592	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1140	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1140	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1140	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1140	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1120	428	V8._85416_20150820204011.exe	sc.exe
PID 428 wrote to memory of 1120	428	V8._85416_20150820204011.exe	sc.exe
PID 428 wrote to memory of 1120	428	V8._85416_20150820204011.exe	sc.exe
PID 428 wrote to memory of 1120	428	V8._85416_20150820204011.exe	sc.exe
PID 428 wrote to memory of 1624	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1624	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1624	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1624	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1780	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1780	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1780	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1780	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 916	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 916	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 916	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 916	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1496	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1496	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1496	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 428 wrote to memory of 1496	428	V8._85416_20150820204011.exe	QQBrowser.exe
PID 896 wrote to memory of 2004	896	5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe
"C:\Users\Admin\AppData\Local\Temp\5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:896

C:\Users\Admin\AppData\Local\Temp\V8._85416_20150820204011.exe
V8._85416_20150820204011.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:428

C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe
"C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe" -installAndRun "QQBrowser Performance Service"
3⤵
- Executes dropped EXE
PID:1700

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQBrowser\WebpDecodeFilter.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:768

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -host=update -source=1
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies system certificate store
PID:1548

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -install
3⤵
- Executes dropped EXE
- Sets file execution options in registry
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:296

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -Module=QQBrowserFrame.dll -skinzipfactory
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1620

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -homepageimport
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:1592

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -resetopenpage
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:1140

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -installcoexistreport -installmode=1
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
PID:2028

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -installscheduletask
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
PID:1616

C:\Windows\SysWOW64\sc.exe
"sc" config fontcache start= auto
3⤵
- Launches sc.exe
PID:1120

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=QQBrowserFrame.dll -updatejumplist
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1624

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -installtxservice
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
PID:1780

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -setdefaultbrowser
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:916

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=assistant.dll -installsetdefaultbrowserreport -setdeftype=0 -setdefres=5 -beforename= -aftername=QQBrowser.exe -setdefsrc=1
4⤵
PID:748

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -module=Assistant.dll -installreport -name=QQBrowser_Setup_Hk_85416_3638.exe -parent=5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526.exe -occupy= -occupyparent= -method=3 -result=0 -type=1 -changedir=0 -fstartup=1 -deskicon=1 -default=1 -directopen=6474 -userplan=1 -r1= -r2=
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:1496

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\BaiduPlayer5SetupSilent_359.exe" + "C:\Windows\Fonts\mingliu.ttc" "C:\Users\Admin\AppData\Local\Temp\BaiduPlayer5SetupSilent_359.exe"
2⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\BaiduPlayer5SetupSilent_359.exe
BaiduPlayer5SetupSilent_359.exe
2⤵
- Executes dropped EXE
PID:1640

C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\PlayerApp.exe
"C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\PlayerApp.exe" --action=install --desktop=1 --taskbar=1
3⤵
- Modifies registry class
PID:1808

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="xUpdate" dir=in program="C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\xUpdate.exe" action=allow description="C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\xUpdate.exe"
4⤵
- Modifies Windows Firewall
PID:1680

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="BDPlayer" dir=in program="C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\BDPlayer.exe" action=allow description="C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\BDPlayer.exe"
4⤵
- Modifies Windows Firewall
PID:940

C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\BDPlayerTray.exe
"C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\BDPlayerTray.exe"
3⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1636

C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\xReport.exe
"C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\xReport.exe" pv &r=133032015352060000&op=lauch&ext=toolbar&ver=5.1.1.9&ch=359&module=BDPlayerTray
4⤵
PID:2084

C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\xUpdate.exe
"C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\xUpdate.exe" --version=5.1.1.9 --channel=359 --mode=slient
4⤵
PID:2224

C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\xReport.exe
"C:\Program Files (x86)\baidu\BDPlayer\5.1.1.9\xReport.exe" pv &r=133032015221020000&op=install&ver=5.1.1.9&ch=359&module=BaiduPlayer5SetupSilent_359
3⤵
PID:1604

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C copy /b "C:\Users\Admin\AppData\Local\Temp\BFVCenter-y4bd[[AB005]].exe" + "C:\Windows\Fonts\mingliu.ttc" "C:\Users\Admin\AppData\Local\Temp\BFVCenter-y4bd[[AB005]].exe"
2⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\BFVCenter-y4bd[[AB005]].exe
BFVCenter-y4bd[[AB005]].exe
2⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\uni1795887c.exe
uni1795887c.exe
2⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\kinst_1_568.exe
kinst_1_568.exe
2⤵
PID:832

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -- "http://120.55.106.224/NTY2MGI1NTU3NDNhOGI0NzQ5OTIzNDBlN2UxZTVjMmJhYWM5NjYwZGE4YTI2YzE0N2JjMjQ2MWJiMTc2MzUyNi5leGU=/40.html"
2⤵
PID:676

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -host=extension -scope=676 /prefetch:5
3⤵
PID:1476

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" "-host=tab" -scope=676 -Cred=464 -group=0 -core=1 /prefetch:2
3⤵
PID:1032

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" "-host=tab" -scope=676 -Cred=464 -group=0 -tid=1 -core=1 /prefetch:2
3⤵
PID:2016

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -host= -Cred=1 -scope=676 /prefetch:1
3⤵
PID:2036

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -host=net /prefetch:4
3⤵
PID:1644

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -host=net /prefetch:4
3⤵
PID:2172

C:\Users\Admin\AppData\Roaming\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe
"C:\Users\Admin\AppData\Roaming\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe"
3⤵
PID:2304

C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe
"C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe"
1⤵
- Executes dropped EXE
PID:1776

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\QQBrowserFrame.dll
Filesize
1.6MB

MD5
68eb386277ed0c2e4a13b6c5731f236e

SHA1
c831285069732bc3578a508052ce5e8723aac582

SHA256
84ef4e2ec7265038cb82c4a4ee149e394c1a66b7f84853130fba167965d09f2a

SHA512
6f9f76da55a863f6c817322b66c658492fc7d01a60673c7d622dc14baf2c6524f4fba4911c8b1419203f8ffc72c757c272001bf0fe67515411eaf2e9df035381

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\Skin\LightStripes.gt
Filesize
92KB

MD5
3392ddb4180f8142e92da3d58fea803f

SHA1
84735708fa47056106c149407ea12abe27f6a138

SHA256
fe7583042a86428eacb57cc27ad6134610308166995811e0d44de06b7d216b72

SHA512
7212ad691a1b390d81539a28ad87ea3363e0b73b28a74412eab37392a3e0b487d103f557b4768caecc98a35a3281843f92a523b77b92acd01b3ffd6406ad6f3a

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\WebpDecodeFilter.dll
Filesize
135KB

MD5
12650137ef731c4f2967bd670287e357

SHA1
2386ffa665080bea8c36075992a9e236c0e54105

SHA256
7e9320481129c168c87200c1bcbc2d793046bd40d42cd198e3b610a0f08c48f1

SHA512
968b9430b29c6520633cdf91ec3a7773d4da637d53c565db213c0a0f76b4316948457d4567cdecee8b4e96c2e106e167fc9a3c94ceb0a14da2dd442734e89c03

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\dr.dll
Filesize
81KB

MD5
699f0052d0c959f1a5b7c3926cce11fa

SHA1
1f5084eacdd96553831899771fc433270c852196

SHA256
3e1f7276df5e11b20250186682464782a40f902bcc44b44e0956348921d027c8

SHA512
54d1adf7b8bf0325b10e50d34787cdf3d2cd219c2a19e8ab74f4283a55dd8ebb6910c71141449107494e2ded4452ebf6c973e3ec022b67a2da175691a1d0cc5c

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\service\PerfTraceService.exe
Filesize
272KB

MD5
1b47580cce6db40a3f389ebd6250795f

SHA1
951ced03a17e826df41cd2314bb5079ba7fc74e3

SHA256
f2adc20c2fa2e5fa02fda7469b6ac15a623f3cd098343198f54156f219716a7c

SHA512
c864cbce5bbd7cccb8bec1e724fd884b053ff0ba3080d14a0afacc5cd55b9866f37cddc1a1d62cfb6fdca9a068663e2fff5c5ad32c3d55da49cca633606646e5

Download Submit
C:\Program Files (x86)\Tencent\QQBrowser\service\PerfTraceService.exe
Filesize
272KB

MD5
1b47580cce6db40a3f389ebd6250795f

SHA1
951ced03a17e826df41cd2314bb5079ba7fc74e3

SHA256
f2adc20c2fa2e5fa02fda7469b6ac15a623f3cd098343198f54156f219716a7c

SHA512
c864cbce5bbd7cccb8bec1e724fd884b053ff0ba3080d14a0afacc5cd55b9866f37cddc1a1d62cfb6fdca9a068663e2fff5c5ad32c3d55da49cca633606646e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\V8._85416_20150820204011.exe
Filesize
4.9MB

MD5
3c4c8edac2cd495654fa87ffeefb77ce

SHA1
35d3ffb6b8e12ca3efc1a99957fd1e31ad40d998

SHA256
6e7903668f26e1efd1bde8875682d0016bf48382d38576f3c5cdb01c56f9f61e

SHA512
a4cccdd4fcb72ad5fed7f7b663481c7d81f0436d69c9c85da90d4cc59dbb7e702e1fe01fdd7431976f9725ecd7a7c40c2fe2752b0bb03ea19f13a241cb488d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\V8._85416_20150820204011.exe
Filesize
4.9MB

MD5
3c4c8edac2cd495654fa87ffeefb77ce

SHA1
35d3ffb6b8e12ca3efc1a99957fd1e31ad40d998

SHA256
6e7903668f26e1efd1bde8875682d0016bf48382d38576f3c5cdb01c56f9f61e

SHA512
a4cccdd4fcb72ad5fed7f7b663481c7d81f0436d69c9c85da90d4cc59dbb7e702e1fe01fdd7431976f9725ecd7a7c40c2fe2752b0bb03ea19f13a241cb488d2e

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\QQBrowser\DB\homepage.db
Filesize
3KB

MD5
d0e7295144a4af0f9ffb401ac44a740e

SHA1
a4d164ace9e1269aa81f17340347050635e04a43

SHA256
e31a32bffc11cbdb3579a1eb3f6794bbd39c5fabd15b0151a5fd4c68d878c328

SHA512
065c79a0de85cc1406879113b9e9a14e31680e1c69a27ae2e8c2719a2fff58c8bf5fb62ae54229ddac417b3abf90fd1c471cbb84330a00506e840bbbf7850358

Download Submit
\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
\Program Files (x86)\Tencent\QQBrowser\Assistant.dll
Filesize
417KB

MD5
e93b5a4fd5050116a84cf52011c516c1

SHA1
38bd7e853618d6fc8438f60715571289c01b0974

SHA256
e5ee45270cd623c9353c05349e7d0049a3f6caaad0a48c64af04d3523e07bc97

SHA512
3520ab6e36a9e44164261d1a6b6c53880b03bb102e6eafec7167f39020ae33462e8f515184704cfcd3df752ee94711b8e185ac15c18056677075c29eadd1c0d7

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBExtensionFramework.dll
Filesize
540KB

MD5
88f2d2382cce7ec315ca6860ff0c4075

SHA1
07eea3f61e2fa2d47682217b505d163f7f36fc9d

SHA256
b2c6d93708c33068fe61c0b3733ec697b179d18fba79dfcbc6eacb716fc81d45

SHA512
43bc572f67181ae5fbf26828cfdb82bd1867a69a2f74fb03346bb69cfda8d8fb2b834521bf86918c663df223bd721d1cc3837ebc8e3c164fde3f5dca92d71779

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBSafe.dll
Filesize
443KB

MD5
16ae0a59da95783599969cb2a8cd7b0d

SHA1
993030a80ecf26ebbb723053072a4084ea89d8b1

SHA256
d63ed7d6a3f5b7d5e5e641bccd8e8644493f7bd91b98656ab58d1b893958a2d9

SHA512
4a772c6300ee294aa0b7b86e8de8c88805f9509dcc9467dbe427fb918d1a4d98b597591f4fca2ef24f55bc6e0cdb11ccb8d21449424e622663d935b8005dd1d9

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Filesize
119KB

MD5
c3e4c6aaedb957ba059b51c1d2403c93

SHA1
949e35c49a4500f872ef84ea01560af4b2868790

SHA256
1415ff8057acbd5cbd24c6bd835df4c600e485009dbb052c635309a88ee69a34

SHA512
46382dc454e0e78624cbd8f0634e6641b208195d03897fcc24bf1115ca9db9628dedc855312cd42c5174d461b8e44a0871f39f99473b2bf8bc0788f65a116755

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowserFrame.dll
Filesize
1.6MB

MD5
68eb386277ed0c2e4a13b6c5731f236e

SHA1
c831285069732bc3578a508052ce5e8723aac582

SHA256
84ef4e2ec7265038cb82c4a4ee149e394c1a66b7f84853130fba167965d09f2a

SHA512
6f9f76da55a863f6c817322b66c658492fc7d01a60673c7d622dc14baf2c6524f4fba4911c8b1419203f8ffc72c757c272001bf0fe67515411eaf2e9df035381

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowserFrame.dll
Filesize
1.6MB

MD5
68eb386277ed0c2e4a13b6c5731f236e

SHA1
c831285069732bc3578a508052ce5e8723aac582

SHA256
84ef4e2ec7265038cb82c4a4ee149e394c1a66b7f84853130fba167965d09f2a

SHA512
6f9f76da55a863f6c817322b66c658492fc7d01a60673c7d622dc14baf2c6524f4fba4911c8b1419203f8ffc72c757c272001bf0fe67515411eaf2e9df035381

Download Submit
\Program Files (x86)\Tencent\QQBrowser\QQBrowserFrame.dll
Filesize
1.6MB

MD5
68eb386277ed0c2e4a13b6c5731f236e

SHA1
c831285069732bc3578a508052ce5e8723aac582

SHA256
84ef4e2ec7265038cb82c4a4ee149e394c1a66b7f84853130fba167965d09f2a

SHA512
6f9f76da55a863f6c817322b66c658492fc7d01a60673c7d622dc14baf2c6524f4fba4911c8b1419203f8ffc72c757c272001bf0fe67515411eaf2e9df035381

Download Submit
\Program Files (x86)\Tencent\QQBrowser\WebpDecodeFilter.dll
Filesize
135KB

MD5
12650137ef731c4f2967bd670287e357

SHA1
2386ffa665080bea8c36075992a9e236c0e54105

SHA256
7e9320481129c168c87200c1bcbc2d793046bd40d42cd198e3b610a0f08c48f1

SHA512
968b9430b29c6520633cdf91ec3a7773d4da637d53c565db213c0a0f76b4316948457d4567cdecee8b4e96c2e106e167fc9a3c94ceb0a14da2dd442734e89c03

Download Submit
\Program Files (x86)\Tencent\QQBrowser\dr.dll
Filesize
81KB

MD5
699f0052d0c959f1a5b7c3926cce11fa

SHA1
1f5084eacdd96553831899771fc433270c852196

SHA256
3e1f7276df5e11b20250186682464782a40f902bcc44b44e0956348921d027c8

SHA512
54d1adf7b8bf0325b10e50d34787cdf3d2cd219c2a19e8ab74f4283a55dd8ebb6910c71141449107494e2ded4452ebf6c973e3ec022b67a2da175691a1d0cc5c

Download Submit
\Program Files (x86)\Tencent\QQBrowser\service\PerfTraceService.exe
Filesize
272KB

MD5
1b47580cce6db40a3f389ebd6250795f

SHA1
951ced03a17e826df41cd2314bb5079ba7fc74e3

SHA256
f2adc20c2fa2e5fa02fda7469b6ac15a623f3cd098343198f54156f219716a7c

SHA512
c864cbce5bbd7cccb8bec1e724fd884b053ff0ba3080d14a0afacc5cd55b9866f37cddc1a1d62cfb6fdca9a068663e2fff5c5ad32c3d55da49cca633606646e5

Download Submit
\Users\Admin\AppData\Local\Temp\12au6ca084\QBInstaller.dll
Filesize
622KB

MD5
ce9341acc89b84af512afa5b68c7c0b0

SHA1
c63900266799e535374166f2837667da1a85a500

SHA256
beb45eb024534ac0970e6d9455a9d0c27d9a24aa11364ec023cd6c09339aa467

SHA512
8c1e5ff28a557c4e6acf2393394ebba43123af1dafeca5e04e55b54805dacd215d23198fa4aaf6de8378ce398aaeb578170958dcd33840a8851e031a0b3756fa

Download Submit
\Users\Admin\AppData\Local\Temp\V8._85416_20150820204011.exe
Filesize
4.9MB

MD5
3c4c8edac2cd495654fa87ffeefb77ce

SHA1
35d3ffb6b8e12ca3efc1a99957fd1e31ad40d998

SHA256
6e7903668f26e1efd1bde8875682d0016bf48382d38576f3c5cdb01c56f9f61e

SHA512
a4cccdd4fcb72ad5fed7f7b663481c7d81f0436d69c9c85da90d4cc59dbb7e702e1fe01fdd7431976f9725ecd7a7c40c2fe2752b0bb03ea19f13a241cb488d2e

Download Submit
\Users\Admin\AppData\Local\Temp\nstF74D.tmp\Base64.dll
Filesize
4KB

MD5
f0e3845fefd227d7f1101850410ec849

SHA1
3067203fafd4237be0c186ddab7029dfcbdfb53e

SHA256
7c688940e73022bf526f07cc922a631a1b1db78a19439af6bafbff2a3b46d554

SHA512
584ae5a0d1c1639ba4e2187d0c8a0ac7e54c0be0a266029c4689d81c0c64a7f80e7d918da0df5c6344f9f7a114f30d8f2feda253b29e813bae086604731a3d8a

Download Submit
\Users\Admin\AppData\Local\Temp\nstF74D.tmp\Inetc.dll
Filesize
20KB

MD5
50fdadda3e993688401f6f1108fabdb4

SHA1
04a9ae55d0fb726be49809582cea41d75bf22a9a

SHA256
6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6

SHA512
e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8

Download Submit
\Users\Admin\AppData\Local\Temp\nstF74D.tmp\NSISdl.dll
Filesize
14KB

MD5
254f13dfd61c5b7d2119eb2550491e1d

SHA1
5083f6804ee3475f3698ab9e68611b0128e22fd6

SHA256
fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

SHA512
fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

Download Submit
\Users\Admin\AppData\Local\Temp\nstF74D.tmp\System.dll
Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
\Users\Admin\AppData\Local\Temp\nstF74D.tmp\ZipDLL.dll
Filesize
163KB

MD5
2dc35ddcabcb2b24919b9afae4ec3091

SHA1
9eeed33c3abc656353a7ebd1c66af38cccadd939

SHA256
6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1

SHA512
0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901

Download Submit
\Users\Admin\AppData\Roaming\Tencent\QQBrowser\InstModules\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Users\Admin\AppData\Roaming\Tencent\QQBrowser\InstModules\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
\Users\Admin\AppData\Roaming\Tencent\QQBrowser\InstModules\QBUtils.dll
Filesize
1.7MB

MD5
268905b968aace3dbaf5dd97391071e9

SHA1
3ea52528166806275bf9c6a7aa8d4f359a140889

SHA256
caa9c84d342c14543ddaf861efcc7b8e997f2d8bd270d408ba9764e29fcc88fd

SHA512
1f0483c53bb3901721f90071889036777ae84ea257b8afa98c04b8142bae321732d012484482ea556f6cca65ec1255459a08e4156cc3cd52fbc44541b2fb568b

Download Submit
memory/296-92-0x0000000000000000-mapping.dmp

Download
memory/316-189-0x0000000000000000-mapping.dmp

Download
memory/428-63-0x0000000000000000-mapping.dmp

Download
memory/676-205-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/676-207-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/676-204-0x000000006FFE0000-0x000000006FFF0000-memory.dmp

Filesize
64KB

Download
memory/676-203-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/676-206-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/676-209-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/676-201-0x0000000000000000-mapping.dmp

Download
memory/748-182-0x0000000000000000-mapping.dmp

Download
memory/768-74-0x0000000000000000-mapping.dmp

Download
memory/832-199-0x0000000000000000-mapping.dmp

Download
memory/896-195-0x0000000002EC0000-0x0000000002F0D000-memory.dmp

Filesize
308KB

Download
memory/896-54-0x0000000075271000-0x0000000075273000-memory.dmp

Filesize
8KB

Download
memory/896-60-0x00000000004B0000-0x00000000004DD000-memory.dmp

Filesize
180KB

Download
memory/896-238-0x0000000002EC0000-0x0000000002F0D000-memory.dmp

Filesize
308KB

Download
memory/916-163-0x0000000000000000-mapping.dmp

Download
memory/940-179-0x0000000000000000-mapping.dmp

Download
memory/1032-211-0x0000000000000000-mapping.dmp

Download
memory/1120-140-0x0000000000000000-mapping.dmp

Download
memory/1140-128-0x0000000000000000-mapping.dmp

Download
memory/1476-208-0x0000000000000000-mapping.dmp

Download
memory/1496-165-0x0000000000000000-mapping.dmp

Download
memory/1548-82-0x0000000000000000-mapping.dmp

Download
memory/1548-93-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1548-96-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1592-109-0x0000000000000000-mapping.dmp

Download
memory/1616-102-0x0000000000000000-mapping.dmp

Download
memory/1620-103-0x0000000000000000-mapping.dmp

Download
memory/1624-146-0x0000000000000000-mapping.dmp

Download
memory/1624-188-0x0000000000000000-mapping.dmp

Download
memory/1640-174-0x0000000000000000-mapping.dmp

Download
memory/1644-220-0x0000000000000000-mapping.dmp

Download
memory/1680-196-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/1680-193-0x0000000000000000-mapping.dmp

Download
memory/1680-176-0x0000000000000000-mapping.dmp

Download
memory/1700-71-0x0000000000000000-mapping.dmp

Download
memory/1780-158-0x0000000000000000-mapping.dmp

Download
memory/2004-173-0x0000000000000000-mapping.dmp

Download
memory/2016-214-0x0000000000000000-mapping.dmp

Download
memory/2028-104-0x0000000000000000-mapping.dmp

Download
memory/2036-217-0x0000000000000000-mapping.dmp

Download
memory/2084-229-0x0000000000000000-mapping.dmp

Download
memory/2172-235-0x0000000000000000-mapping.dmp

Download
memory/2224-237-0x0000000000000000-mapping.dmp

Download
memory/2304-242-0x0000000000000000-mapping.dmp

Download