Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
  • submitted
    12-06-2024 10:46

General

  • Target

    a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe

  • Size

    44.5MB

  • MD5

    a0608ce5cd4af06a045bf5b21750f6f4

  • SHA1

    4fa026e39e2398e26f10eebe9bfb8b86adeb21b5

  • SHA256

    8a439272ef0ef203b12ab97ee534bdbb0e5d181a9b37c0a2ff8de2e324837528

  • SHA512

    45cec17b70c88938dd67e919f0a18c1563625c99f237a8611a4ad279b904842ca2bccf091190e92031fcb1e224e2848fbf2f0262d2ef937b4d436d5cb8427f21

  • SSDEEP

    786432:ODhquvbM1BKEJVpWjL9FZDWp1+jBpR5v4to/oqBsClkuH/si:eHKBK66jL9rS1mBiyKEV

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
  • Sets file execution options in registry 2 TTPs 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in System32 directory 11 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Executes dropped EXE 8 IoCs
  • Loads dropped DLL 26 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 16 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 35 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Sets file execution options in registry
    • Writes to the Master Boot Record (MBR)
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\webp\WebpDecodeFilter.dll"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:1128
    • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
      "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-browser --silent
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Modifies registry class
      PID:1448
    • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
      "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-crx="C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\NetService.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\commenExtension.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\video_box.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\QBFixerPlugin.crx"; --overwrite-extension
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      PID:600
    • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
      "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-scheduletask
      2⤵
      • Drops file in Windows directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      PID:2404
    • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
      "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-driver
      2⤵
      • Sets service image path in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Modifies registry class
      PID:1412
    • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
      "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-service
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2988
      • C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
        "C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe" -installandrun
        3⤵
        • Writes to the Master Boot Record (MBR)
        • Executes dropped EXE
        PID:1740
    • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
      "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -make-default-browser --silent
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      PID:1528
  • C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
    "C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • Executes dropped EXE
    • Checks processor information in registry
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    PID:2192

Network

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence
    • Boot or Logon Autostart Execution (T1547): 2
      • Registry Run Keys / Startup Folder (T1547.001): 2
    • Pre-OS Boot (T1542): 1
      • Bootkit (T1542.003): 1
  • Privilege Escalation
    • Boot or Logon Autostart Execution (T1547): 2
      • Registry Run Keys / Startup Folder (T1547.001): 2
  • Defense Evasion
    • Modify Registry (T1112): 3
    • Pre-OS Boot (T1542): 1
      • Bootkit (T1542.003): 1
    • Subvert Trust Controls (T1553): 1
      • Install Root Certificate (T1553.004): 1
  • Discovery
    • Query Registry (T1012): 2
    • System Information Discovery (T1082): 2

Downloads

  • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\BugReport.exe
    Filesize

    435KB

  • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx
    Filesize

    195KB

  • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome.dll
    Filesize

    30.7MB

  • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome_child.dll
    Filesize

    36.4MB

  • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\TsQBDrvDll.dll
    Filesize

    107KB

  • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\amd64\tsqbdrv.sys
    Filesize

    87KB

  • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\natives_blob_.bin
    Filesize

    429KB

  • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\service\TsService.exe.new
    Filesize

    979KB

  • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\snapshot_blob_.bin
    Filesize

    502KB

  • C:\Program Files (x86)\Tencent\QQBrowser\PrScrn.dll
    Filesize

    911KB

  • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
    Filesize

    371KB

  • C:\Program Files (x86)\Tencent\QQBrowser\navi.ico
    Filesize

    101KB

  • C:\Program Files (x86)\Tencent\QQBrowser\uninst.exe
    Filesize

    328KB

  • C:\Users\Admin\AppData\Local\Temp\1F26.tmp
    Filesize

    1B

  • C:\Users\Admin\AppData\Local\Temp\UserPinnedTemp\QQ浏览器.lnk
    Filesize

    2KB

  • C:\Users\Admin\AppData\Local\Temp\UserPinnedTemp\QQ浏览器.lnk
    Filesize

    2KB

  • C:\Users\Admin\AppData\Local\Temp\scoped_dir_600_12296\video_box.crx
    Filesize

    65KB

  • C:\Users\Admin\AppData\Local\Temp\scoped_dir_600_16409\commenExtension.crx
    Filesize

    23KB

  • C:\Users\Admin\AppData\Local\Temp\scoped_dir_600_22438\QBFixerPlugin.crx
    Filesize

    352KB

  • C:\Users\Admin\AppData\Local\Temp\scoped_dir_600_23147\NetService.crx
    Filesize

    953KB

  • C:\Users\Admin\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\fpbdfpimimonlkoapobdbldphmiplmml\9.3.0_0\manifest.json
    Filesize

    1KB

  • C:\Users\Admin\AppData\Local\Tencent\QQBrowser\User Data\Liveup\Temp\QQBrowserLiveup.exe
    Filesize

    762KB

  • C:\Users\Admin\AppData\Local\Tencent\QQBrowser\User Data\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.103\QBSafe.dll
    Filesize

    368KB

  • C:\Users\Admin\AppData\Local\Tencent\QQBrowser\User Data\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.103\manifest.json
    Filesize

    270B

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QQ浏览器.lnk
    Filesize

    2KB

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件\QQ浏览器\QQ浏览器.lnk
    Filesize

    2KB

  • C:\Users\Admin\Desktop\QQ浏览器.lnk
    Filesize

    2KB

  • C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

  • C:\Windows\Temp\Tar349D.tmp
    Filesize

    181KB

  • \Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\F1Frame.dll
    Filesize

    4.0MB

  • \Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\webp\WebpDecodeFilter.dll
    Filesize

    185KB

  • \Users\Admin\AppData\Local\Temp\12auf7611cc\QBInstaller.dll
    Filesize

    847KB

  • \Users\Admin\AppData\Local\Temp\Tencent\QQBrowser\F1Assistant.dll
    Filesize

    2.6MB
