Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-06-2024 10:46
Static task: static1
Behavioral task: behavioral1
Sample: a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Size: 44.5MB
MD5: a0608ce5cd4af06a045bf5b21750f6f4
SHA1: 4fa026e39e2398e26f10eebe9bfb8b86adeb21b5
SHA256: 8a439272ef0ef203b12ab97ee534bdbb0e5d181a9b37c0a2ff8de2e324837528
SHA512: 45cec17b70c88938dd67e919f0a18c1563625c99f237a8611a4ad279b904842ca2bccf091190e92031fcb1e224e2848fbf2f0262d2ef937b4d436d5cb8427f21
SSDEEP: 786432:ODhquvbM1BKEJVpWjL9FZDWp1+jBpR5v4to/oqBsClkuH/si:eHKBK66jL9rS1mBiyKEV
Malware Config
Signatures
Drops file in Drivers directory 1 IoCs
Processes:
description | ioc | process
File created | C:\Windows\system32\drivers\TsQBDrv.sys | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Sets service image path in registry 2 TTPs 1 IoCs
Processes:
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\TsQBDrv\ImagePath = "\\??\\C:\\Windows\\system32\\drivers\\TsQBDrv.sys" | QQBrowser.exe
Sets file execution options in registry 2 TTPs 2 IoCs
Processes:
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe\DisableExceptionChainValidation = "0" | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | TsService.exe
File opened for modification | \??\PhysicalDrive0 | TsService.exe
File opened for modification | \??\PhysicalDrive0 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | QQBrowser.exe
Drops file in System32 directory 4 IoCs
Processes:
description | ioc | process
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | TsService.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | TsService.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | TsService.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | TsService.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in Program Files directory 64 IoCs
Processes:
description | ioc | process
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\natives_blob_.bin | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\F1Assistant.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\PepperFlash\manifest.json | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\service\TsService.exe.new | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\tsurllib.dat | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\navi.ico | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\PrScrn.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\locales\qb\en-US.pak | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\QRCode.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\resources.pak | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\snapshot_blob.bin | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\manifest.json | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\libEGL.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\libGLESv2.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File opened for modification | C:\Program Files (x86)\Tencent\QQBrowser\setup.log | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome_child.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\compat.xml | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\F1Frame.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\BugReport.exe | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\amd64\tsqbdrv.sys | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\libexif.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\uninst.exe | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\PepperFlash\pepflashplayer.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\QQBrowserLiveup.exe | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\d3dcompiler_47.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\locales\qb\zh-CN.pak | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\natives_blob.bin | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qbroker\qbroker64.exe | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\ScreenDef | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\History | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\locales\en-US.pak | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qb_100_percent.pak | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\Downloader.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\commenExtension.crx | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qb.exe | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\uninst.exe | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\video.ico | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\manifest.json | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\video_box.crx | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\icudtl.dat | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\tssafeedit.dat | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\QBDExtend.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\switch_core | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\QBSafe.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\NetService.crx | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\QBFixerPlugin.crx | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\navi.ico | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome_elf.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\nsis_skin.gt | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qqbrowser.exe | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\app.ico | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe.new | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\i386\tsqbdrv.sys | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ExportFavHtml.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qb_200_percent.pak | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\PrScrn.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\snapshot_blob_.bin | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\BugReport.exe | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\locales\zh-CN.pak | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\webp\WebpDecodeFilter.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
File created | C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Drops file in Windows directory 2 IoCs
Processes:
description | ioc | process
File created | C:\Windows\Tasks\QQBrowser Updater Task.job | QQBrowser.exe
File created | C:\Windows\Tasks\QQBrowser Updater Task(Core).job | QQBrowser.exe
Executes dropped EXE 8 IoCs
Processes:
pid | process
3216 | QQBrowser.exe
4584 | QQBrowser.exe
996 | QQBrowser.exe
4268 | QQBrowser.exe
860 | QQBrowser.exe
4484 | TsService.exe
1204 | TsService.exe
1380 | QQBrowser.exe
Loads dropped DLL 9 IoCs
Processes:
pid | process
3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
3216 | QQBrowser.exe
4584 | QQBrowser.exe
2296 | regsvr32.exe
996 | QQBrowser.exe
4268 | QQBrowser.exe
860 | QQBrowser.exe
1380 | QQBrowser.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks processor information in registry 2 TTPs 16 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | QQBrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | QQBrowser.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | QQBrowser.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | QQBrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | QQBrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | QQBrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | QQBrowser.exe
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | TsService.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | TsService.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | QQBrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | QQBrowser.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | QQBrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | QQBrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | QQBrowser.exe
Modifies data under HKEY_USERS 8 IoCs
Processes:
description | ioc | process
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | TsService.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | TsService.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | TsService.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | TsService.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | TsService.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | TsService.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | TsService.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | TsService.exe
Modifies registry class 64 IoCs
Processes:
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\xhtml\ = "xhtmlfile" | QQBrowser.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter.1 | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilter\CLSID\ = "{A981255C-6123-4487-B21A-9CF468EB3FC7}" | regsvr32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\html\PerceivedType = "text" | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\shtml\OpenWithProgids\ChromeHTML | QQBrowser.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" %*" | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent | QQBrowser.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID\ = "WebpDecodeFilter.WebpImageDecodeFilter" | regsvr32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\UserChoice\Hash = "MRqnJxyt1mo=" | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\shtml\UserChoice\Hash = "evcNM68HiKk=" | QQBrowser.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\ = "QQBrowser HTML Document" | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\ = "QQBrowser Protocol" | QQBrowser.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID\ = "WEBPFilter.CoWEBPFilter.1" | regsvr32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\html\ = "htmlfile" | QQBrowser.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell\open\command | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\html\ = "QQBrowser.File" | QQBrowser.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell | QQBrowser.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilter\CLSID | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ = "WebpImageDecodeFilter Class" | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID\ = "WebpDecodeFilter.WebpImageDecodeFilt.1" | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\OpenWithList\notepad.exe\ | QQBrowser.exe
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\xht\UserChoice | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mht\UserChoice\Hash = "dctCQK95cmM=" | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\xhtml\Content Type = "application/xhtml+xml" | QQBrowser.exe
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\progid\ftp | QQBrowser.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\URL Protocol | QQBrowser.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\AppUserModelID = "Tencent.QQBrowser.Default" | QQBrowser.exe
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\OpenWithList\notepad.exe | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\html\OpenWithProgids\ChromeHTML | QQBrowser.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32 | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib\ = "{5FD70451-714E-495A-9F17-450AEF3AA35E}" | regsvr32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mhtml\UserChoice\ProgId = "QQBrowser.File" | QQBrowser.exe
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | QQBrowser.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | regsvr32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\ = "htmlfile" | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\xhtml\OpenWithProgIds\MSEdgeHTM | QQBrowser.exe
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mhtml\UserChoice | QQBrowser.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0 | regsvr32.exe
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mht\PersistentHandler | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\xhtml\OpenWithProgIds\ChromeHTML | QQBrowser.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\WebpDecodeFilter.DLL\AppID = "{A629F59C-66C9-4775-901A-A017530E3958}" | regsvr32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mht\PersistentHandler\ = "{5645C8C1-E277-11CF-8FDA-00AA00A14F93}" | QQBrowser.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" -- \"%1\"" | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\open | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\9.3.7080.400\\webp" | regsvr32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mht\OpenWithProgIds\MSEdgeMHT | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\progid\https\Hash = "xsLOy1tlz4o=" | QQBrowser.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter\CLSID\ = "{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}" | regsvr32.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Tencent.QQBrowser.Default\.exe | QQBrowser.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\OpenWithProgids\AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9 = "0" | QQBrowser.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" -- \"%1\"" | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter\CLSID | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\DefaultIcon\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe,0" | QQBrowser.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E} | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\HELPDIR | regsvr32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\shtml\ = "shtmlfile" | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\progid\ftp\UserChoice\ProgId = "QQBrowser.Protocol" | QQBrowser.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\DefaultIcon\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe,0" | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\OpenWithProgids\ChromeHTML | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mht\OpenWithProgIds\mhtmlfile | QQBrowser.exe
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\OpenWithProgids | QQBrowser.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mht\ = "QQBrowser.File" | QQBrowser.exe
Processes:
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | QQBrowser.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = [certificate blob omitted] | QQBrowser.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = [certificate blob omitted] | QQBrowser.exe
Suspicious behavior: EnumeratesProcesses 23 IoCs
Processes:
pid | process
3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
860 | QQBrowser.exe
860 | QQBrowser.exe
860 | QQBrowser.exe
860 | QQBrowser.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
1204 | TsService.exe
Suspicious behavior: LoadsDriver 1 IoCs
Processes:
pid | process
660 |
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
pid | process
1380 | QQBrowser.exe
Suspicious use of WriteProcessMemory 24 IoCs
Processes:
description | pid | process | target process
PID 3500 wrote to memory of 2296 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | regsvr32.exe
PID 3500 wrote to memory of 2296 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | regsvr32.exe
PID 3500 wrote to memory of 2296 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | regsvr32.exe
PID 3500 wrote to memory of 3216 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 3216 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 3216 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 4584 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 4584 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 4584 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 996 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 996 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 996 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 4268 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 4268 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 4268 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 860 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 860 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 860 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 860 wrote to memory of 4484 | 860 | QQBrowser.exe | TsService.exe
PID 860 wrote to memory of 4484 | 860 | QQBrowser.exe | TsService.exe
PID 860 wrote to memory of 4484 | 860 | QQBrowser.exe | TsService.exe
PID 3500 wrote to memory of 1380 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 1380 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
PID 3500 wrote to memory of 1380 | 3500 | a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe | QQBrowser.exe
Processes
- [depth 1] C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe"
  - Drops file in Drivers directory
  - Sets file execution options in registry
  - Writes to the Master Boot Record (MBR)
  - Checks computer location settings
  - Drops file in Program Files directory
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory

  - [depth 2] C:\Windows\SysWOW64\regsvr32.exe
    Command line: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\webp\WebpDecodeFilter.dll"
    - Loads dropped DLL
    - Modifies registry class

  - [depth 2] C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
    Command line: "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-crx="C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\NetService.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\commenExtension.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\video_box.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\QBFixerPlugin.crx"; --overwrite-extension
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry

  - [depth 2] C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
    Command line: "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-browser --silent
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class

  - [depth 2] C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
    Command line: "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-scheduletask
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry

  - [depth 2] C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
    Command line: "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-driver
    - Sets service image path in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class

  - [depth 2] C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
    Command line: "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-service
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory

    - [depth 3] C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
      Command line: "C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe" -installandrun
      - Writes to the Master Boot Record (MBR)
      - Executes dropped EXE

  - [depth 2] C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
    Command line: "C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -make-default-browser --silent
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious use of SetWindowsHookEx

- [depth 1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1036,i,13640054265074968359,8146127767143474550,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:8

- [depth 1] C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
  Command line: "C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe"
  - Writes to the Master Boot Record (MBR)
  - Drops file in System32 directory
  - Executes dropped EXE
  - Checks processor information in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Pre-OS Boot (1)
  - Bootkit (1)

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
Downloads