Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 10:46

General

  • Target

    a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe

  • Size

    44.5MB

  • MD5

    a0608ce5cd4af06a045bf5b21750f6f4

  • SHA1

    4fa026e39e2398e26f10eebe9bfb8b86adeb21b5

  • SHA256

    8a439272ef0ef203b12ab97ee534bdbb0e5d181a9b37c0a2ff8de2e324837528

  • SHA512

    45cec17b70c88938dd67e919f0a18c1563625c99f237a8611a4ad279b904842ca2bccf091190e92031fcb1e224e2848fbf2f0262d2ef937b4d436d5cb8427f21

  • SSDEEP

    786432:ODhquvbM1BKEJVpWjL9FZDWp1+jBpR5v4to/oqBsClkuH/si:eHKBK66jL9rS1mBiyKEV

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
  • Sets file execution options in registry 2 TTPs 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Executes dropped EXE 8 IoCs
  • Loads dropped DLL 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 16 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 8 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Sets file execution options in registry
    • Writes to the Master Boot Record (MBR)
    • Checks computer location settings
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3500
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\webp\WebpDecodeFilter.dll"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:2296
    • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
      "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-crx="C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\NetService.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\commenExtension.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\video_box.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\QBFixerPlugin.crx"; --overwrite-extension
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      PID:4584
    • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
      "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-browser --silent
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Modifies registry class
      PID:3216
    • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
      "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-scheduletask
      2⤵
      • Drops file in Windows directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      PID:996
    • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
      "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-driver
      2⤵
      • Sets service image path in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Modifies registry class
      PID:4268
    • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
      "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-service
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:860
      • C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
        "C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe" -installandrun
        3⤵
        • Writes to the Master Boot Record (MBR)
        • Executes dropped EXE
        PID:4484
    • C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
      "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -make-default-browser --silent
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Modifies registry class
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      PID:1380
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1036,i,13640054265074968359,8146127767143474550,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:8
    1⤵
    PID:2044
  • C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
    "C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • Executes dropped EXE
    • Checks processor information in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    PID:1204

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
    • Boot or Logon Autostart Execution (T1547): 2
      • Registry Run Keys / Startup Folder (T1547.001): 2
    • Pre-OS Boot (T1542): 1
      • Bootkit (T1542.003): 1
  • Privilege Escalation
    • Boot or Logon Autostart Execution (T1547): 2
      • Registry Run Keys / Startup Folder (T1547.001): 2
  • Defense Evasion
    • Modify Registry (T1112): 3
    • Pre-OS Boot (T1542): 1
      • Bootkit (T1542.003): 1
    • Subvert Trust Controls (T1553): 1
      • Install Root Certificate (T1553.004): 1
  • Discovery
    • Query Registry (T1012): 3
    • System Information Discovery (T1082): 3


Downloads

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\F1Frame.dll
      Filesize

      4.0MB

      MD5

      a912a3a846b7f5a480a8e9d91382cd35

      SHA1

      f53b3631eced69da79fce1508974d49511666a3a

      SHA256

      ab3b482cf7f146595153b8b3b4be2820f06825e71128bb42c5f1fcbaa4b787f8

      SHA512

      c26e6c8054f1921391c428553edae24bfd1afea7eaf2c0dae699997165edb4b821fd0e45075c8524c838e5da5b36b7dd9a1744053a66a72b952bdab072ed4231

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx
      Filesize

      195KB

      MD5

      bc35dd8db0134a9a4d72b6b641d4c3d2

      SHA1

      daa4adcbbe450edd3feeddde617a99ceef7abe01

      SHA256

      69652a0d072eeab53df690c901672741ac47e5177b3db097be60946ebb19706f

      SHA512

      b65b7432ba08a1e39052a1b58d4a4cddf212012dd2877a65118baeba527134bca4305600af86dc35a4679a263444cce5f7f77dfaa48445cf78f131ae8e0f0fd7

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\PrScrn.dll
      Filesize

      911KB

      MD5

      5b32ab8b61c19ba40d1cb93ab3c31917

      SHA1

      d05f572399d4ba0606db705207656cbe549a9f68

      SHA256

      e64d6ac64cfb1dcc2cf062bd2fa4cef1e01f6f9ef5d7534f8e95e195a48dca50

      SHA512

      f5b07ee841043a9c7100e206cfeb57dd316bdfc5f1fcbeb9dece1e2badf6d59b27fde7353096e2a8cc159df7ff156d09a625659513694a87cb701b869816c0cb

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome.dll
      Filesize

      30.7MB

      MD5

      e72fe85d406843af9cff53044291bb14

      SHA1

      5512971045d88dfed1673016cbbb332821441653

      SHA256

      40dc8b1bd35a6f78f800f8d8fe3ce3fd40c6dd98d38a10628277d4870f757f51

      SHA512

      a2209d4f1841d026a7e7b828b87e0aecbb32324cbe80ed0cd00151651a8809aa7bacde0d02f4fff01e9c57c2a61050ad31cdf15ec93eaeaeb56add257c568b91

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome_child.dll
      Filesize

      36.4MB

      MD5

      c6876f0faad1989ee8406b6b6edba00b

      SHA1

      81400b8735881643f7002fe19d816c726a28dbf0

      SHA256

      4b6466df99d4709513bfb7cc9e1a0419606f4d0b34ce35f502beffb1ec21c889

      SHA512

      540c0051807024cd5ccfed6521649950d7c4793c70998ac5c4ad51f6b89fd74333f23c7342e09e3ae8ab3c66b36ed11be32e1ba1266c09bb82090078dc897e1d

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\TsQBDrvDll.dll
      Filesize

      107KB

      MD5

      fa8c9e95d8131746021981204bb24c03

      SHA1

      9376312d76750816597d92c8b36e57d41937bff5

      SHA256

      44353e1a7e8aaa564e53daa0285c5784b4707636c34da28e0c8d8a219279b529

      SHA512

      e0d2ee6cd34bcce44c30cae9fdda9ef962179449fb68a12a49caed92c97a7ea075517bbc2d91ddf81121bbed08e1e614adc67e0ae925923261eadf8d8907888c

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\amd64\tsqbdrv.sys
      Filesize

      87KB

      MD5

      b532e6c5bd4ed4932cf4eee3723d01d5

      SHA1

      475f5f098ed9df549d59185faa33c91f0c351fb0

      SHA256

      8b7cd3bb7c7c57dfe35a4f01a7007198439b6dc81a3b081e77e675fb53cd7c86

      SHA512

      34da35d6798a59ba2d0dd0b8e42aff25012f18102a5bbda77ac67cd75de3ea50dd98d75d2713ae6ad35b4985f34d2274bad40b2583e6fb20aede0534d1941e9d

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\NetService.crx
      Filesize

      953KB

      MD5

      8fa18bac4d634e866db77b20567cfb94

      SHA1

      76b7a7fef39133eb9b7c1c7291308c2411e143c2

      SHA256

      ef8176f0291a9568142503f70bb27dbd44a0c887218b5cbc2f79f1ad8add2eaf

      SHA512

      facfa6dd453ca9bdbaf71db46977474fc581e18e5268c08c9d5eaca319e4e56b1ffa1713244da342b2d894d20a1ea44415ce0ca1d2cd7b72b54cb788134153a0

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qb.exe
      Filesize

      371KB

      MD5

      32cebf22bf1b0a89b4e81b917e5c7683

      SHA1

      6f05de39211a271a31b07d9fea8f3874b20c3e7d

      SHA256

      46fd7ef6d1c2c4e82d4df3218b55dae2e6ca2cdd04bdc009d19f38dd6337b54e

      SHA512

      8a846fbf8b552bc8db72a435a7a32f3563d1cba3e1799969e049c521f1e073b69c87a3135ae9349777f32d2ac10c5999285645ce68fe3705768c0aa80299145f

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qqbrowser.exe
      Filesize

      681KB

      MD5

      5725b85d3ba9e4f59bbad8cf47c023df

      SHA1

      471e9b2e6bfa5407f7feb128841b19068d5130fa

      SHA256

      4a589d4fd00050d4876a93b2c3fa4c8d20f8f04e8a6f44ecd3c5bde5a2c950b4

      SHA512

      8337c3cfbff7109e640b18cc03cafec8d2460d44d731daa9a1b2db49b83d0429073d7d0d1b0ab95014df9253f24a026a2a712d590ba180de4d1f4c1e7c9e631f

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\service\TsService.exe.new
      Filesize

      979KB

      MD5

      cdacc4c6291e558d3a8f2da158e9c3c5

      SHA1

      82a70615b901cdc0f8e75888c741875da4855bee

      SHA256

      9eeee667becc54cc67c2f96631e4abe88e582795a5a361c327e67b5ad665bf0a

      SHA512

      72b1700b55009b20491a831ad6fba059ab07da95fc7078b1618590a82d483c24d42595a6bc061144267b4ca6406fdd81f857d8434ecb41220bca4eb6771fe9cd

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\uninst.exe
      Filesize

      328KB

      MD5

      6692f41cd02e839a491996b43a312d5f

      SHA1

      ba746167cb1a67b6e77aaedcbb5a29b225113ff7

      SHA256

      223e5b801f347022d9aa42010a36961e10e7440ed99d7712661841e64e2323ed

      SHA512

      21bde796bfdf8e6df91290631f9ee7d63b37f179fe24a11178475cccf89d1d9604a8515afc7825757cfb8bec3f0607508d30efc4dd2f0936599306e39108cfbd

    • C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\webp\WebpDecodeFilter.dll
      Filesize

      185KB

      MD5

      6f069180da502b676d0b5c3cb0f5d09d

      SHA1

      5e8219473af1347a2a7c756fa5641d1f57f7262c

      SHA256

      cf3232a4e7fee0279ee7b6a6086393282cb7ec9ed3088832777336bcac380bd0

      SHA512

      07a8e8e84b9954b5e6241bdb42d7cacd6101c9b1a0b9dfd505b2e2dd80b234132d59bd8841bbf0ae003cefb19fccb0f4978dd4c269751a974841c2ebfd1216f3

    • C:\Program Files (x86)\Tencent\QQBrowser\navi.ico
      Filesize

      101KB

      MD5

      9a20e850981bb21d880808137f3eb010

      SHA1

      87f8b703f49aa85d4e09e0ec622cc474bf6d1659

      SHA256

      2066385679089ac2483795e73a4e492b5d875232bc971bb22f0951866b56de00

      SHA512

      570179ae9859ecc49096f10a42b22e66909126afbdccfa0112a76db11abfa2654ed6b500e8ce21a465f404d03c76122ebfda11d78f6f5acafda6194ce233b946

    • C:\Users\Admin\AppData\Local\Temp\12aue57ec73\QBInstaller.dll
      Filesize

      847KB

      MD5

      10682bc530feb4b73955233e5fb1acd3

      SHA1

      3aca6f9337af75f4e57e12e088deaf34b85282bf

      SHA256

      950d2a8194c71fa5cf629499c2a53ddcc981546a0aad4e73e301b37c31f4fc35

      SHA512

      6663a0c0faa306df1a3810846e629a8f58d46a45eb51fb3faf9c21a9e2bfdf505946d266b6c4e303562e886be70ab5dc26785ddd0218b38ddab5b469c7ec875f

    • C:\Users\Admin\AppData\Local\Temp\12aue57ec73\bin\BugReport.exe
      Filesize

      435KB

      MD5

      5eab02dbe532a55e0b8917c56ce2e362

      SHA1

      091cc3a7c45a4ac0b884154b780442b0460e7ca8

      SHA256

      5be5f2f1d16d1473e9c096f4063ff01797a80e6f533b258c96a373584584eafd

      SHA512

      8fef3a03fd755c59005962a1461c43da63543ed474602f48b8458a9cf9fbd1a36b36a947dac71330844faf5d0e0235bcb379a44bdd8fa4f70cd2bfd167b965bd

    • C:\Users\Admin\AppData\Local\Temp\12aue57ec73\bin\F1Assistant.dll
      Filesize

      2.6MB

      MD5

      63f70e1c2aa0b6cf8767806e92a6e048

      SHA1

      22e48e4e64fa386bb728f43bcd3d9b4210e63516

      SHA256

      aac837c6189cba6a77d0e6902786c70761d112f97d9c367412cc22b0fad94011

      SHA512

      d0eed6608ef9f6ca4c58d6f657f9edc554cada84efa283cc0ccff00a1a493a060092a91328a01a8c75bace977f60c0a7f842631ec1f846e3a59b3495cd25c9bb

    • C:\Users\Admin\AppData\Local\Temp\12aue57ec73\bin\QQBrowserLiveup.exe
      Filesize

      762KB

      MD5

      615878bb4b3e98caf6b3e25c199573fb

      SHA1

      d88bb05e57ec805c3837ca2bec4b238a0d92847b

      SHA256

      fa2212f08b4232252024cb3430fd82373cb1f8a95b3f0eb1133714125ded367f

      SHA512

      3fc479974026001090efd2498066636a4fff9200f0210af4c9bbde82e8d3ed2a61db14ba187f7c21214106a6d9c8fd623521c14e73d38bb6a5edff529cd6227a

    • C:\Users\Admin\AppData\Local\Temp\12aue57ec73\bin\natives_blob.bin
      Filesize

      429KB

      MD5

      d0645f36f5d0fdf9e8502908cb7096aa

      SHA1

      d2442b26c40e45a00c1c3f5a88e9798606aad71e

      SHA256

      bb6a54a7414519312130fc364128d9464c3d0763e42b018ed29db22a2e389dd8

      SHA512

      73d14a588d9fed22e6109a0043cdb1cb75c665ac802555e8903679274e505d36d5d1e3e032e890311c88053a30029ce76eefd97b09211faaad6834fafb677e98

    • C:\Users\Admin\AppData\Local\Temp\12aue57ec73\bin\snapshot_blob.bin
      Filesize

      502KB

      MD5

      af2242ad79aae7cd9922d4e6f634f5fb

      SHA1

      12be71aea2a9c043d01e87bf8fc52d02f3c8ec3c

      SHA256

      e2712545a56e648005f0945579472a6ac8ea14959503e9199cf1ee0e7fabdede

      SHA512

      f17bce35378071c85bc0b986c22e2f606307603ea8f6b0c313632e84be931cd0aa5ec764b9c9a2c4021ff0b0a97628c210f30cadd0970d7d358bb56d69728f3c

    • C:\Users\Admin\AppData\Local\Temp\FC73.tmp
      Filesize

      1B

      MD5

      5058f1af8388633f609cadb75a75dc9d

      SHA1

      3a52ce780950d4d969792a2559cd519d7ee8c727

      SHA256

      cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

      SHA512

      0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

    • C:\Users\Admin\AppData\Local\Temp\UserPinnedTemp\QQ浏览器.lnk
      Filesize

      2KB

      MD5

      b4ae37e88d051616413ff908850dab63

      SHA1

      8f046b2e2c6adbd5d9d7fe03754ba4e77c0871e7

      SHA256

      6653ce03af23c22197e4433a818c728f4eb30565a171527d0d80fb47df49460c

      SHA512

      2adc207db3f1ff24dcd86ce224f4ba2bb02bc77e43fe8607204ef0ceebf43cbdef67dfb86a493a301404366bcf4831104b5f8e1895ebb2189cb63dcf461a18a4

    • C:\Users\Admin\AppData\Local\Temp\UserPinnedTemp\QQ浏览器.lnk
      Filesize

      2KB

      MD5

      7d87276fba417049b294c8c17e0586ba

      SHA1

      b35d54a9a5068092bac68662d3c9054f73e0497b

      SHA256

      02a32cf60d625ded86483410023ef8c358e1209841e5742ad9c0427c09c8d75a

      SHA512

      0b35e1c5cf90bb6baadff4728147d83a4d3749436e5279af6d2aeedc4c5560edefc0950d94b9ed382488995638b01162ea885cf1eb5b31aae3f39cf0105db0ac

    • C:\Users\Admin\AppData\Local\Temp\UserPinnedTemp\QQ浏览器.lnk~RFe57ff7e.TMP
      Filesize

      2KB

      MD5

      8da392c07513d57fb0f6104a376e3dd8

      SHA1

      5faf9d99cdb29f7a7a000a146358e9454ee9232c

      SHA256

      c9aac45a2877f6b59665be956a054471f70b7f7812147aeab2852ce36a686bfd

      SHA512

      6f265502527a5b6a86bd568751330819cf7b2046b7393dcae2439ad99721921195f400403d61a0baa9460f22cac29bc1a78691305dbb99443d64ed3a421bf1a6

    • C:\Users\Admin\AppData\Local\Temp\UserPinnedTemp\QQ浏览器.lnk~RFe58020e.TMP
      Filesize

      2KB

      MD5

      240aeecadac15e6247581763c8bfc78b

      SHA1

      8d379d7ccc1e3abb31145fdff1ac5819d9e3ce05

      SHA256

      8bd63ea1cda6b98f18cf1f6dd5f5410fdaeda28882bffa3916dc2559377abcfa

      SHA512

      6554466210efbdce0bda6d94334e04aac7b41d6ec93a1f776769b4f63a9d41a2be375f72e87ac94f6f0756b39c865aa97cbe41c852ad96699114167336855463

    • C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_12363\video_box.crx
      Filesize

      65KB

      MD5

      6ec058cbe9a865cb8fc39697803771b4

      SHA1

      e93439676848e04a6bd3987e605d08f15617fd5c

      SHA256

      1afba1d1746e2fb3ea0bc8ec06f78cd468085f747054944b7613787328a6213d

      SHA512

      8ed5a4a847356195611b9dfa438eed0099f28f511e9eef1734707f86ceec4c6350ff8199a63c9aa9092b8fb0761b3e5d2518143937b4d3d9b6666a67ffbcfe7c

    • C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_13303\CRX_INSTALL\background.html
      Filesize

      91B

      MD5

      e47a0afeb88b3a08052ca652dc371b7b

      SHA1

      bf54c142aeea010f509e777a2b2b5ac6dd363a73

      SHA256

      f97b49e5ef5b501158639553054da4bc1b4e1489914f6b15b27a4aac440959b0

      SHA512

      6c6fb2541daef529089d9161d4a9b91e0c27181d572448b4a023f5cefbd1233f58a632151872450301b129927c4f223b0eaaae7fcc45210fa245ffbc3e480056

    • C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_13303\CRX_INSTALL\background.js
      Filesize

      91KB

      MD5

      d503e0f5c5212c4fa41f6f449ca6a431

      SHA1

      dd858ee3273cbbb76a7a6c004d94c6ec093e2d21

      SHA256

      1648061fecea0109745e76356c483f4bd6ed4bab5dd91bc1577c922e2e66ec24

      SHA512

      827d061b354b6af1856ee933e45fbd2ce9a13a32c162aa889c02aaf7cb9cd7686b30d31676d0b091c5dcf63c970be47038ebc1d95b7f4a16fae50cb54cf67a16

    • C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_13303\CRX_INSTALL\manifest.json
      Filesize

      775B

      MD5

      f89a7d8de54e0d2bcb8e51949ebffb7f

      SHA1

      271b636640cdcaffb568f8b0a0a5ef48e30108f5

      SHA256

      fd2183fd4500ff8e7c21e71355dbdf4b25825b5924da463a4cb3bc2b66950ab4

      SHA512

      074c3d1407246f8114374d5c9a9aee9e9a2d96de6dae52c4cde987f615012896e07fec77e35eccbe21c8143fb8b41703fb0fada9838a92f57c630e71013725f6

    • C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_13303\CRX_INSTALL\s5-iframe.js
      Filesize

      1KB

      MD5

      f18e722574afa2aa1ab3f40038cda1ee

      SHA1

      cf0a5e1b4d65ecb4c8c8f0a2b462934e92761057

      SHA256

      8973611a1b1139b0cdd56d3063ae097fb3650486459443c7d7fb92c3ff5b47da

      SHA512

      c77cdd1a18ae8ca6c0bc786624e84d476590a2851fc9795a35e12000417d9a972d647ba1cadfc198fc3816461834093c4054548c82d676e8755971ae8012cc3e

    • C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_13303\commenExtension.crx
      Filesize

      23KB

      MD5

      ef2e23b5d3a7afcdc15f096454aff823

      SHA1

      1c5f567c2e37107c35f48dd3bc0e1b5ab6d5703f

      SHA256

      5fcb04f2c7eddfd26094c7e2ecdf4fdcf534ee534ee7419ded4a9980b7417920

      SHA512

      42fa87061ecdbfb3967c0594d2510d7b84dbbad46120b17e7b90cf2a4766d9aa11ab7edc4caa400156e5067ec711543287df992d221bd1f605df7586e8a19d37

    • C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_22484\QBFixerPlugin.crx
      Filesize

      352KB

      MD5

      3cd510e82067a5aa6fbd5bc9cc90e941

      SHA1

      a5e0d0a0bd646d397e73b96a9fc7c85384492d20

      SHA256

      d8cffdca848ebdd79e5d12128363e31c7a8982c4a97c3239c0a114aeac28533d

      SHA512

      0050c668347c10c2344bd3f61c1b9ce5559f24b9b7ad1ddda63063428296ca818599de2fe48812a442c2916cccb0120b606b31c3f302ba3cad03e09f4c70a26d

    • C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_28815\CRX_INSTALL\NetService.dll
      Filesize

      1.4MB

      MD5

      56a16e60343ecb6b3f41e8fa8141453b

      SHA1

      b924cb860c664b0159a6b3623951ed6af697b35a

      SHA256

      db7203efd83d0f4a3e30b4395c3f0767d88b354453732cff7d49bd84723d77c2

      SHA512

      dc10c17d20bfb5edb4e951778d2cae7835134fd6c06bdcccdd1cc82dfed6f494bc40087894f1df91dbaf39316a4bba3f6fbf0c795060aeab9254735ce3921b87

    • C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_28815\CRX_INSTALL\QQPCDetector.dll
      Filesize

      565KB

      MD5

      59cab61b1351cbea3ffeeba2e823a657

      SHA1

      173521dee8ee034007aecf618218602ae70d7cf6

      SHA256

      4f5a5d9f012f5e5a8a814fe47542d0e533a530fbf319bee8b737d02414a37b04

      SHA512

      3c0d694481a153d158690225f648f592284eeb654188f4eeb39a714d834d4f31244f2ca4f19606f3fd2df9ee48477c302eb1af06eb5c171e66b8bd7520b03466

    • C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_28815\CRX_INSTALL\manifest.json
      Filesize

      763B

      MD5

      600d6e7973cbc4349bdcc7f5802f84eb

      SHA1

      913dc308e8f130776d0fef922514d29b40cdfcf2

      SHA256

      03ef642412c281ab2164d9337d55f8cd6f754b7363c22cbb0209e41cadf02d9f

      SHA512

      60c579fa1675ae4b6b1973742c090c38eae1f40651b44752b5cf24ede0654ff71aa078a0a9f5593013720d8b5f9322da417f262e3acca0e0db3f62cb6a01bddd

    • C:\Users\Admin\AppData\Local\Tencent\QQBrowser\User Data\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.103\QBSafe.dll
      Filesize

      368KB

      MD5

      cbad84f42aa44031511f8d1dff5297c9

      SHA1

      b7a1d30392fb29a0aef425e2afdfd6126ded4203

      SHA256

      4f06ecd993de1a299a52ba59388966bdad19c52c4e7c21564153be05c7381f28

      SHA512

      d471f4c0bb6f8b4a83f4f2c47866b7a3e342f3adbcd190b2d8cd4a6d16842fc9cf2da5d1a663c9135916f9ae48381b6ea77bb4bfe151c3e670baf266f638cd51

    • C:\Users\Admin\AppData\Local\Tencent\QQBrowser\User Data\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.103\manifest.json
      Filesize

      270B

      MD5

      052b4574459359dad6219da8f690243e

      SHA1

      776db69df5690415e566a65814d4df3cec5e838d

      SHA256

      bef816cf2b5611e343b490e31494168feda0e01d5abede3675c2678284445349

      SHA512

      1ef217e48cd7f46299a6796965e4f2e731bcc247a8dfe3c25e4344dc57fc46779e0ddbeb0b58b9b943934cafe4bc95c8e642e15d03f5fa125dab7830828441ab

    • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QQ浏览器.lnk
      Filesize

      2KB

      MD5

      c9b47b582c96867c1ad7b95878f230f6

      SHA1

      c9e95f3d2d8cfa59ed31b3218d0a1a6f38f00d14

      SHA256

      f7fb8c98b2322c1721c3b5a2c3942c9ff06c0d975d55131b3515329f0efcb4c3

      SHA512

      d15ca5bf9c2b01cfa68798ae8a343a5b651c31c19282df9cd2a7db457bd9d70c61e33c5de5c6351af15d41fe8b1981abb034425a3c8bdf04f7680c05f3417df8

    • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QQ浏览器.lnk~RFe58020e.TMP
      Filesize

      2KB

      MD5

      9527d545cb6a97c4138045f654b58ded

      SHA1

      88fecc86153ded60c92788b8f1d921449b1b0a7b

      SHA256

      bbf539bc785896792b3c4f60c67484dbbc9e77bc4358ed372226650bd5e65f09

      SHA512

      5bcde58c92cad502c3ef7441f9afd239c6ed0da80a91475debc9344e6116dd08c0f04dbe5da5a17365fb505b2648801e4c1f47386ee50e79384cd6e02ad419b0

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件\QQ浏览器\QQ浏览器.lnk
      Filesize

      2KB

      MD5

      9364a4c79a3be45be5bf4adf5b8d03a0

      SHA1

      0408b5f56f0643aef2b74af353c8fec6bd8d808b

      SHA256

      3b7cd1b768ff69202e51b718f4b2a77b3f58954e0a3702f958b1f2fbc3896632

      SHA512

      96a0e8ba403a588b7c1f9b458a7a556a732034c27b2be248448a76f7e4a4cb79108fac9daf47565e65b60b567f5c8abdb5cbf444ee8af62fa1fe3a89c46c4ed6

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件\QQ浏览器\QQ浏览器.lnk~RFe57ff20.TMP
      Filesize

      2KB

      MD5

      8364741c8d2db613988b0b7b2a2e7dd5

      SHA1

      1616cf4fc5a8327b2a0ab4a1bb994b4b312e2f29

      SHA256

      8829d4719507518885827faab574b25d622cbb883f571185bb6b8d3ca2d37ae2

      SHA512

      ad6f57cd06ecaf68189351a4f832b7bb60cd4bc7537d75376417853673b605240354129d7efead31b3803f3592b17317cfbfa8f5a92c4f41d9336c492890c341

    • C:\Users\Admin\Desktop\QQ浏览器.lnk
      Filesize

      2KB

      MD5

      61c8228d8f9a387dec09fdb23f67f180

      SHA1

      6f9644a40ee4e6a774f61cd5f18255995e865d57

      SHA256

      77478d9e531558c6b270a852a5bf30869195b1c1c66f1172677021e7e8faffe7

      SHA512

      3c8d26c99f01398226eedc0a857e89338be5084378ebe6493f6a8b5351752b537db3e2956cb4d3924ef47672ce69771e9346c8e82388a3889288f34a4a1e2e13

    • C:\Users\Admin\Desktop\QQ浏览器.lnk~RFe58027c.TMP
      Filesize

      2KB

      MD5

      18a1167aa445ce475fe6ce81a0af7296

      SHA1

      de4220523390fa1bf811cce8e82038a3d7eb6a3a

      SHA256

      39231dac9dbb825a4c99844e10b0d2e187c999e185dd646a9f69e89814f28358

      SHA512

      215a578fa6526fe86de68b8793577d09005b0d06ccee3c95210d39979bfbd92259341b1411a8ef39fdb66b0b9acd254aba7778fc91d70cb776b2154d6997eea9

    • memory/860-722-0x0000000075A30000-0x0000000075C45000-memory.dmp
      Filesize

      2.1MB

    • memory/996-708-0x0000000075A30000-0x0000000075C45000-memory.dmp
      Filesize

      2.1MB

    • memory/1204-729-0x000000006FFF0000-0x0000000070000000-memory.dmp
      Filesize

      64KB

    • memory/1204-752-0x0000000075A30000-0x0000000075C45000-memory.dmp
      Filesize

      2.1MB

    • memory/1204-746-0x0000000075A30000-0x0000000075C45000-memory.dmp
      Filesize

      2.1MB

    • memory/1204-728-0x000000006FFF0000-0x0000000070000000-memory.dmp
      Filesize

      64KB

    • memory/1204-730-0x000000006FFF0000-0x0000000070000000-memory.dmp
      Filesize

      64KB

    • memory/1380-766-0x0000000075A30000-0x0000000075C45000-memory.dmp
      Filesize

      2.1MB

    • memory/1380-760-0x0000000075A30000-0x0000000075C45000-memory.dmp
      Filesize

      2.1MB

    • memory/1380-748-0x0000000075A30000-0x0000000075C45000-memory.dmp
      Filesize

      2.1MB

    • memory/1380-741-0x000000006FFE0000-0x000000006FFF0000-memory.dmp
      Filesize

      64KB

    • memory/3216-338-0x000000006FFF0000-0x0000000070000000-memory.dmp
      Filesize

      64KB

    • memory/3216-340-0x000000006FFF0000-0x0000000070000000-memory.dmp
      Filesize

      64KB

    • memory/3216-339-0x000000006FFF0000-0x0000000070000000-memory.dmp
      Filesize

      64KB

    • memory/3216-390-0x0000000075A30000-0x0000000075C45000-memory.dmp
      Filesize

      2.1MB

    • memory/3500-1-0x000000006FFF0000-0x0000000070000000-memory.dmp
      Filesize

      64KB

    • memory/3500-2-0x000000006FFF0000-0x0000000070000000-memory.dmp
      Filesize

      64KB

    • memory/3500-744-0x0000000075A30000-0x0000000075C45000-memory.dmp
      Filesize

      2.1MB

    • memory/3500-0-0x000000006FFF0000-0x0000000070000000-memory.dmp
      Filesize

      64KB

    • memory/3500-538-0x000000006FFE0000-0x000000006FFF0000-memory.dmp
      Filesize

      64KB

    • memory/4268-701-0x0000000075A30000-0x0000000075C45000-memory.dmp
      Filesize

      2.1MB

    • memory/4584-535-0x0000000075A30000-0x0000000075C45000-memory.dmp
      Filesize

      2.1MB