Malware Analysis Report

2024-09-23 12:04

Sample ID 240612-mt72wa1gqh
Target a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118
SHA256 8a439272ef0ef203b12ab97ee534bdbb0e5d181a9b37c0a2ff8de2e324837528
Tags: bootkit, discovery, persistence
Score: 8/10


Analysis Overview

Score: 8/10

SHA256: 8a439272ef0ef203b12ab97ee534bdbb0e5d181a9b37c0a2ff8de2e324837528

Threat Level: Likely malicious

The file a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags: bootkit, discovery, persistence

Drops file in Drivers directory

Sets service image path in registry

Sets file execution options in registry

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Checks computer location settings

Drops file in Windows directory

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: LoadsDriver

Modifies system certificate store

Modifies data under HKEY_USERS

Checks processor information in registry

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported: 2024-06-12 10:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-12 10:46

Reported: 2024-06-12 10:49

Platform: win7-20231129-en

Max time kernel: 147s

Max time network: 148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\TsQBDrv.sys C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A

Sets service image path in registry

Tags: persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TsQBDrv\ImagePath = "\\??\\C:\\Windows\\system32\\drivers\\TsQBDrv.sys" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A

Sets file execution options in registry

Tags: persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe\DisableExceptionChainValidation = "0" C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A

Writes to the Master Boot Record (MBR)

Tags: bootkit, persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9A19ADAD9D098E039450ABBEDD5616EB_50D51644471C9172D5F1E80FE0CC310E C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_50D51644471C9172D5F1E80FE0CC310E C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A

Checks installed software on the system

Tags: discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\libexif.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\locales\en-US.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\PrScrn.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\tsurllib.dat C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\webp\WebpDecodeFilter.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome_elf.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\F1Frame.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\snapshot_blob_.bin C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\Downloader.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\navi.ico C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\QQBrowserConfig.dat C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\TsQBDrvDll.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\locales\qb\en-US.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\locales\zh-CN.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\QRCode.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\video.ico C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\manifest.json C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\manifest.json C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\app.ico C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe.new C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\QBFixerPlugin.crx C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\nsis_skin.gt C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\compat.xml C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\natives_blob.bin C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\PepperFlash\manifest.json C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\PepperFlash\pepflashplayer.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qb_100_percent.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\BugReport.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\navi.ico C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\QBSafe.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\icudtl.dat C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qbroker\qbroker.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\QQBrowserLiveup.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\uninst.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\PrScrn.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\amd64\tsqbdrv.sys C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\libEGL.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\locales\qb\zh-CN.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\i386\tsqbdrv.sys C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\resources.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\service\TsService.exe.new C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\switch_core C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\1.47.163.400.manifest C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qbroker\qbroker64.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome_100_percent.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\commenExtension.crx C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\video_box.crx C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\uninst.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\BugReport.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ExportFavHtml.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\History C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qqbrowser.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\NetService.crx C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\QBDExtend.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\snapshot_blob.bin C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\driver\TsQBDrvDll.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome_child.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\QQBrowser Updater Task(Core).job C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
File created C:\Windows\Tasks\QQBrowser Updater Task.job C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-41-54-19-fa-1c\WpadDecision = "0" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FC485B8B-F168-49B2-94FA-9609D2448111}\WpadDecisionTime = 703b02dbb5bcda01 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-41-54-19-fa-1c\WpadDecisionTime = b0d989fcb5bcda01 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FC485B8B-F168-49B2-94FA-9609D2448111} C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-41-54-19-fa-1c\WpadDecisionTime = 306ddad4b5bcda01 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000004000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f0050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-41-54-19-fa-1c\WpadDecisionTime = 703b02dbb5bcda01 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-41-54-19-fa-1c\WpadDetectedUrl C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FC485B8B-F168-49B2-94FA-9609D2448111}\WpadDecisionTime = 306ddad4b5bcda01 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FC485B8B-F168-49B2-94FA-9609D2448111}\WpadDecision = "0" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-41-54-19-fa-1c\WpadDecisionReason = "1" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000005000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f0050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\xht\OpenWithProgIds\xhtmlfile C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\UserChoice\Hash = "MRqnJxyt1mo=" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mht\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mht\OpenWithProgIds\mhtmlfile C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mhtml\Content Type = "message/rfc822" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\html\OpenWithProgIds C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\shtml C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell\ = "open" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell\ = "open" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter.1\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\ = "webpdecodefilter 1.0 Type Library" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\OpenWithList\Microsoft Excel\shell\edit C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\OpenWithList\WinWord.exe\shell\edit\ = "&Open" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\shtml\ = "shtmlfile" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter\ = "WEBPFilter CoWEBPFilter" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/webp\Image Filter CLSID = "{A981255C-6123-4487-B21A-9CF468EB3FC7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\OpenWithList\Excel.exe\shell\edit\ = "&Open" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mht\OpenWithList\Microsoft Excel C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\xht C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ = "IWebpImageDecodeFilter" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\html\ = "htmlfile" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\ftp\DefaultIcon\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe,0" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\open C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\OpenWithList\Microsoft Word\shell\edit\command C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mht\UserChoice\ProgId = "QQBrowser.File" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\OpenWithList\Excel.exe\shell\edit\command C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mht\OpenWithList\Microsoft Word\shell\edit\ = "&Open" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\progid\https\UserChoice\ProgId = "QQBrowser.Protocol" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mhtml\ = "QQBrowser.File" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mht C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mht\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\ = "QQBrowser HTML Document" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilt.1\ = "WebpImageDecodeFilter Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilter\ = "WebpImageDecodeFilter Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib\ = "{5FD70451-714E-495A-9F17-450AEF3AA35E}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ = "IWebpImageDecodeFilter" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mht\OpenWithList\MSPub.exe\shell C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\run\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" %*" C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter.1\ = "WEBPFilter CoWEBPFilter" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\progid\https C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\http\shell C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" %*" C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\PersistentHandler\ = "{eec97550-47a9-11cf-b952-00aa0051fe20}" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mht\OpenWithList\WinWord.exe\shell C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID\ = "WEBPFilter.CoWEBPFilter.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\htm\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mht\OpenWithList\Microsoft Word\shell\edit C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\file\mhtml C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\Software\Tencent\QQBrowser\progid\http\Hash = "2Wt0kbHDnFk=" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilter C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib\ = "{5FD70451-714E-495A-9F17-450AEF3AA35E}" C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = [certificate blob data not included in this report] C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = [certificate blob data not included in this report] C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2152 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 600 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 600 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 600 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 600 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2152 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2152 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2152 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2152 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2152 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2152 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2152 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2988 wrote to memory of 1740 N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
PID 2988 wrote to memory of 1740 N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
PID 2988 wrote to memory of 1740 N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
PID 2988 wrote to memory of 1740 N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
PID 2152 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 2152 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\webp\WebpDecodeFilter.dll"

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-browser --silent

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-crx="C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\NetService.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\commenExtension.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\video_box.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\QBFixerPlugin.crx"; --overwrite-extension

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-scheduletask

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-driver

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-service

C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe

"C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe" -installandrun

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -make-default-browser --silent

C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe

"C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 sf.symcd.com udp
US 152.199.19.74:80 sf.symcd.com tcp
US 8.8.8.8:53 qbwup.imtt.qq.com udp
US 8.8.8.8:53 wup.imtt.qq.com udp
US 8.8.8.8:53 qbwup.imtt.qq.com udp
CN 183.47.126.106:80 qbwup.imtt.qq.com tcp
HK 43.154.240.161:8080 wup.imtt.qq.com tcp
CN 183.47.126.106:80 qbwup.imtt.qq.com tcp
HK 43.154.240.161:8080 wup.imtt.qq.com tcp
HK 43.154.240.161:8080 wup.imtt.qq.com tcp
US 8.8.8.8:53 qbwup.html5.qq.com udp
CN 14.22.9.100:80 qbwup.html5.qq.com tcp
US 8.8.8.8:53 qbwupacc.imtt.qq.com udp
CN 14.22.9.100:80 qbwup.html5.qq.com tcp
HK 43.154.240.161:8080 wup.imtt.qq.com tcp
CN 14.22.9.100:80 qbwup.html5.qq.com tcp
CN 183.47.104.158:80 qbwup.html5.qq.com tcp
CN 183.47.104.158:80 qbwup.html5.qq.com tcp
CN 183.47.104.158:80 qbwup.html5.qq.com tcp
CN 183.47.126.106:80 qbwup.html5.qq.com tcp
HK 43.154.240.161:8080 wup.imtt.qq.com tcp
CN 183.47.126.106:80 qbwup.html5.qq.com tcp

Files

memory/2152-2-0x000000006FFF0000-0x0000000070000000-memory.dmp

memory/2152-1-0x000000006FFF0000-0x0000000070000000-memory.dmp

memory/2152-0-0x000000006FFF0000-0x0000000070000000-memory.dmp

\Users\Admin\AppData\Local\Temp\12auf7611cc\QBInstaller.dll

MD5 10682bc530feb4b73955233e5fb1acd3
SHA1 3aca6f9337af75f4e57e12e088deaf34b85282bf
SHA256 950d2a8194c71fa5cf629499c2a53ddcc981546a0aad4e73e301b37c31f4fc35
SHA512 6663a0c0faa306df1a3810846e629a8f58d46a45eb51fb3faf9c21a9e2bfdf505946d266b6c4e303562e886be70ab5dc26785ddd0218b38ddab5b469c7ec875f

\Users\Admin\AppData\Local\Temp\Tencent\QQBrowser\F1Assistant.dll

MD5 63f70e1c2aa0b6cf8767806e92a6e048
SHA1 22e48e4e64fa386bb728f43bcd3d9b4210e63516
SHA256 aac837c6189cba6a77d0e6902786c70761d112f97d9c367412cc22b0fad94011

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 10:46

Reported

2024-06-12 10:49

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\TsQBDrv.sys C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\TsQBDrv\ImagePath = "\\??\\C:\\Windows\\system32\\drivers\\TsQBDrv.sys" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe\DisableExceptionChainValidation = "0" C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\natives_blob_.bin C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\F1Assistant.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\PepperFlash\manifest.json C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\service\TsService.exe.new C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\tsurllib.dat C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\navi.ico C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\PrScrn.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\locales\qb\en-US.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\QRCode.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\resources.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\snapshot_blob.bin C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\manifest.json C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\libEGL.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Tencent\QQBrowser\setup.log C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome_child.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\compat.xml C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\F1Frame.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\BugReport.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\amd64\tsqbdrv.sys C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\libexif.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\uninst.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\PepperFlash\pepflashplayer.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\QQBrowserLiveup.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\locales\qb\zh-CN.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\natives_blob.bin C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qbroker\qbroker64.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\ScreenDef C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\History C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\locales\en-US.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qb_100_percent.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\Downloader.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\commenExtension.crx C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qb.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\uninst.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\video.ico C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\manifest.json C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\video_box.crx C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\icudtl.dat C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\tssafeedit.dat C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\QBDExtend.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\switch_core C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\QBSafe.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\NetService.crx C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\QBFixerPlugin.crx C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\navi.ico C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome_elf.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\nsis_skin.gt C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qqbrowser.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\app.ico C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe.new C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\i386\tsqbdrv.sys C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ExportFavHtml.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qb_200_percent.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\PrScrn.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\snapshot_blob_.bin C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\BugReport.exe C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\locales\zh-CN.pak C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\webp\WebpDecodeFilter.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Tencent\QQBrowser\QBUtils.dll C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\QQBrowser Updater Task.job C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
File created C:\Windows\Tasks\QQBrowser Updater Task(Core).job C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\xhtml\ = "xhtmlfile" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter.1 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilter\CLSID\ = "{A981255C-6123-4487-B21A-9CF468EB3FC7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\html\PerceivedType = "text" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\shtml\OpenWithProgids\ChromeHTML C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" %*" C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID\ = "WebpDecodeFilter.WebpImageDecodeFilter" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\UserChoice\Hash = "MRqnJxyt1mo=" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\shtml\UserChoice\Hash = "evcNM68HiKk=" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\ = "QQBrowser HTML Document" C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\ = "QQBrowser Protocol" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID\ = "WEBPFilter.CoWEBPFilter.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\html\ = "htmlfile" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell\open\command C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\html\ = "QQBrowser.File" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WebpDecodeFilter.WebpImageDecodeFilter\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ = "WebpImageDecodeFilter Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID\ = "WebpDecodeFilter.WebpImageDecodeFilt.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\OpenWithList\notepad.exe\ C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\xht\UserChoice C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mht\UserChoice\Hash = "dctCQK95cmM=" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\xhtml\Content Type = "application/xhtml+xml" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\progid\ftp C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\URL Protocol C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\AppUserModelID = "Tencent.QQBrowser.Default" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\OpenWithList\notepad.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\html\OpenWithProgids\ChromeHTML C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib\ = "{5FD70451-714E-495A-9F17-450AEF3AA35E}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mhtml\UserChoice\ProgId = "QQBrowser.File" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\ = "htmlfile" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\xhtml\OpenWithProgIds\MSEdgeHTM C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mhtml\UserChoice C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mht\PersistentHandler C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\xhtml\OpenWithProgIds\ChromeHTML C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\WebpDecodeFilter.DLL\AppID = "{A629F59C-66C9-4775-901A-A017530E3958}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mht\PersistentHandler\ = "{5645C8C1-E277-11CF-8FDA-00AA00A14F93}" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\open C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\9.3.7080.400\\webp" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mht\OpenWithProgIds\MSEdgeMHT C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\progid\https\Hash = "xsLOy1tlz4o=" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter\CLSID\ = "{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Tencent.QQBrowser.Default\.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\OpenWithProgids\AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9 = "0" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\DefaultIcon\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe,0" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\HELPDIR C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\shtml\ = "shtmlfile" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\progid\ftp\UserChoice\ProgId = "QQBrowser.Protocol" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WEBPFilter.CoWEBPFilter C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\DefaultIcon\ = "C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe,0" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\OpenWithProgids\ChromeHTML C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mht\OpenWithProgIds\mhtmlfile C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\htm\OpenWithProgids C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Software\Tencent\QQBrowser\file\mht\ = "QQBrowser.File" C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 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 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 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 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
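
The two tables above are the raw event log; what a reviewer actually wants from them is (a) which ProgIDs and URL schemes now point at which executable, (b) which COM servers were registered and by what process, and (c) which certificate store was written and with which thumbprint. On the last point the detail that matters is the store name: AuthRoot\Certificates is where CryptoAPI caches roots it downloads through automatic root update while building a chain, so a write there by the browser process during an install that is also resolving certificate-status hosts (sf.symcd.com and sf.symcb.com in the Network table below) is consistent with signature validation of the installed components; a write under SystemCertificates\Root\Certificates would be a newly trusted root and a much stronger finding. Either way the thumbprint should be checked against the Microsoft trusted root list before the signature is dismissed. The following is an added Python example, not part of the sandbox report or of any Tencent code; it parses rows in exactly the format printed above (the sample rows are copied from this page, with the certificate Blob elided as it is on the page), and the category names and the layout of the triage() result are this example's own choices.

```python
import re
from collections import Counter

# Constructed sample: seven event rows copied from the registry tables of this
# report (the certificate Blob is elided here, as it is on the page).
SAMPLE_EVENTS = r"""
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.File\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Tencent.QQBrowser.Default\.exe\shell\open\command\ = "\"C:\\Program Files (x86)\\Tencent\\QQBrowser\\QQBrowser.exe\" %*" C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QQBrowser.Protocol\URL Protocol C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ = "WebpImageDecodeFilter Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\HELPDIR C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = <blob elided> C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
""".strip().splitlines()

EVENT_RE = re.compile(
    r'^(?P<op>Key created|Set value \((?P<type>\w+)\))\s+'   # operation
    r'(?P<rest>.*?)\s+'                                      # key [= value]
    r'(?P<process>[A-Za-z]:\\[^"]*?)\s+N/A$'                 # writing process, then target
)
CERT_RE = re.compile(r'\\SystemCertificates\\(?P<store>\w+)\\Certificates\\(?P<thumb>[0-9A-Fa-f]{40})')
COM_RE = re.compile(r'\\(CLSID|Interface|TypeLib|AppID)\\', re.IGNORECASE)


def parse_event(line):
    """Split one report row into operation, key, unescaped value and writing process."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    key, sep, value = m.group('rest').partition(' = ')
    if not sep:
        value = None
    elif value.startswith('"') and value.endswith('"'):
        # The report prints REG_SZ data as a C-style quoted string: undo \" and \\.
        value = re.sub(r'\\(["\\])', r'\1', value[1:-1])
    return {'op': m.group('op'), 'key': key.rstrip('\\'), 'value': value,
            'process': m.group('process')}


def progid_of(key):
    """The ProgID or protocol name is the first path element under ...\\Classes\\."""
    return key.rsplit('\\Classes\\', 1)[-1].split('\\')[0]


def classify(ev):
    """Category names are this example's own, not sandbox signature names."""
    key, value = ev['key'], ev['value']
    m = CERT_RE.search(key)
    if m:
        return 'certstore', m.group('store'), m.group('thumb').upper()
    if re.search(r'\\shell\\open\\command$', key, re.IGNORECASE) and value:
        return 'handler_command', progid_of(key), value
    if key.endswith('\\URL Protocol'):
        return 'url_protocol', progid_of(key), None
    if COM_RE.search(key):
        return 'com_registration', ev['process'].rsplit('\\', 1)[-1].lower(), key
    return 'other', None, None


def triage(lines):
    """Aggregate the findings a reviewer wants from a registry-event table."""
    out = {'categories': Counter(), 'thumbprints': {}, 'handlers': [],
           'protocols': [], 'com_modules': set()}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        kind, a, b = classify(ev)
        out['categories'][kind] += 1
        if kind == 'certstore':
            rec = out['thumbprints'].setdefault(b, {'store': a, 'processes': set()})
            rec['processes'].add(ev['process'])
        elif kind == 'handler_command':
            out['handlers'].append((a, b, ev['process']))
        elif kind == 'url_protocol':
            out['protocols'].append(a)
        elif kind == 'com_registration':
            out['com_modules'].add(a)
    return out


if __name__ == '__main__':
    r = triage(SAMPLE_EVENTS)
    for thumb, rec in r['thumbprints'].items():
        # A write to the Root store would be a trust-injection signal; AuthRoot is
        # the cache CryptoAPI fills from automatic root update during chain building.
        print(f"{rec['store']} store touched, thumbprint {thumb}, by {sorted(rec['processes'])}")
    for progid, cmd, proc in r['handlers']:
        print(f"handler {progid}: {cmd}  (written by {proc})")
    print(dict(r['categories']))
```

Run over the full table, the handler commands should all resolve to the binary under Program Files that the Files section lists; a handler pointing into a user-writable directory would be the case worth escalating.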

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3500 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3500 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3500 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3500 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 860 wrote to memory of 4484 N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
PID 860 wrote to memory of 4484 N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
PID 860 wrote to memory of 4484 N/A C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
PID 3500 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
PID 3500 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
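
The 24 rows above are typically a parent writing startup data into a process it has just created, which is how this signature records ordinary process creation (as opposed to writes into an already running process); each child appears three times, and a reviewer wants the rows collapsed into a process tree rather than read one by one. Rebuilt that way, the installer (PID 3500) fans out into regsvr32.exe and six QQBrowser.exe assistant instances, and one of those instances (PID 860) in turn creates TsService.exe, the service binary. The Processes section below lists the assistant command lines (--install-driver, --install-service and so on) but does not attach PIDs to them, so the join here is by image path only. The following is an added Python example, not code from the report or from Tencent; the row format is the one printed above, the sample rows are built from the page's own PIDs and image paths (with the triplication kept only for the first child), and the function names are this example's own.

```python
import re

# Image paths exactly as they appear in the rows above.
INSTALLER = r"C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe"
QQBROWSER = r"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe"
TSSERVICE = r"C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe"
REGSVR32 = r"C:\Windows\SysWOW64\regsvr32.exe"


def _row(src_pid, dst_pid, src, dst):
    return f"PID {src_pid} wrote to memory of {dst_pid} N/A {src} {dst}"


# Constructed from the rows above: the sandbox prints every spawn three times;
# the triplication is reproduced for the first child only to keep this short.
SAMPLE_ROWS = (
    [_row(3500, 2296, INSTALLER, REGSVR32)] * 3
    + [_row(3500, pid, INSTALLER, QQBROWSER) for pid in (3216, 4584, 996, 4268, 860)]
    + [_row(860, 4484, QQBROWSER, TSSERVICE)]
    + [_row(3500, 1380, INSTALLER, QQBROWSER)]
)

ROW_RE = re.compile(
    r"^PID (?P<ppid>\d+) wrote to memory of (?P<cpid>\d+) N/A "
    r"(?P<src>[A-Za-z]:\\.*?) (?P<dst>[A-Za-z]:\\.*)$"   # paths may contain spaces
)


def parse_rows(rows):
    """Map each unique (parent_pid, child_pid, parent_image, child_image) edge to its row count."""
    edges = {}
    for row in rows:
        m = ROW_RE.match(row)
        if m is None:
            continue
        edge = (int(m["ppid"]), int(m["cpid"]), m["src"], m["dst"])
        edges[edge] = edges.get(edge, 0) + 1
    return edges


def build_tree(edges):
    """Return (roots, children, image); roots are PIDs never seen as a child."""
    children, image, parent = {}, {}, {}
    for ppid, cpid, pimg, cimg in edges:
        image.setdefault(ppid, pimg)
        image[cpid] = cimg
        children.setdefault(ppid, []).append(cpid)
        parent[cpid] = ppid
    roots = [pid for pid in image if pid not in parent]
    return roots, children, image


def chain_to(pid, edges):
    """Ancestry of pid from the root, e.g. installer -> assistant -> service."""
    parent = {cpid: ppid for ppid, cpid, _, _ in edges}
    chain = [pid]
    while chain[-1] in parent:
        chain.append(parent[chain[-1]])
    return chain[::-1]


def render(roots, children, image, indent=0):
    """Indented one-line-per-process view using image file names."""
    lines = []
    for pid in roots:
        name = image[pid].rsplit("\\", 1)[-1]
        lines.append("  " * indent + f"{pid} {name}")
        lines.extend(render(children.get(pid, []), children, image, indent + 1))
    return lines


if __name__ == "__main__":
    edges = parse_rows(SAMPLE_ROWS)
    roots, children, image = build_tree(edges)
    print("\n".join(render(roots, children, image)))
    print("service chain:", chain_to(4484, edges))
```

The occurrence counts kept by parse_rows() are the check that the three-per-child pattern holds; a child with a count of one, or a row whose parent is not itself in the tree, is what would distinguish a write into a foreign process from the creation writes seen here.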

Processes

C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a0608ce5cd4af06a045bf5b21750f6f4_JaffaCakes118.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\webp\WebpDecodeFilter.dll"

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-crx="C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\NetService.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\commenExtension.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\video_box.crx";"C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\QBFixerPlugin.crx"; --overwrite-extension

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-browser --silent

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1036,i,13640054265074968359,8146127767143474550,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:8

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-scheduletask

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-driver

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" --type=assistant --install-service

C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe

"C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe" -installandrun

C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe

"C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe"

C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe" -make-default-browser --silent

Network

Every row below is a DNS query to the sandbox resolver at 8.8.8.8:53; the Country and Destination columns describe that resolver, not the queried host, and the report records no connection to any resolved address. sf.symcd.com and sf.symcb.com are certificate-status (OCSP/CRL) hosts, which fits the AuthRoot write recorded under the certificate-store signature above.

Country Destination Domain Proto
US 8.8.8.8:53 wup.imtt.qq.com udp
US 8.8.8.8:53 qbwup.imtt.qq.com udp
US 8.8.8.8:53 sf.symcd.com udp
US 8.8.8.8:53 wup.imtt.qq.com udp
US 8.8.8.8:53 sf.symcb.com udp
US 8.8.8.8:53 qbwup.imtt.qq.com udp
US 8.8.8.8:53 wup.imtt.qq.com udp
US 8.8.8.8:53 wup.imtt.qq.com udp

Files

memory/3500-0-0x000000006FFF0000-0x0000000070000000-memory.dmp

memory/3500-1-0x000000006FFF0000-0x0000000070000000-memory.dmp

memory/3500-2-0x000000006FFF0000-0x0000000070000000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\12aue57ec73\QBInstaller.dll

MD5 10682bc530feb4b73955233e5fb1acd3
SHA1 3aca6f9337af75f4e57e12e088deaf34b85282bf
SHA256 950d2a8194c71fa5cf629499c2a53ddcc981546a0aad4e73e301b37c31f4fc35
SHA512 6663a0c0faa306df1a3810846e629a8f58d46a45eb51fb3faf9c21a9e2bfdf505946d266b6c4e303562e886be70ab5dc26785ddd0218b38ddab5b469c7ec875f

C:\Users\Admin\AppData\Local\Temp\12aue57ec73\bin\F1Assistant.dll

MD5 63f70e1c2aa0b6cf8767806e92a6e048
SHA1 22e48e4e64fa386bb728f43bcd3d9b4210e63516
SHA256 aac837c6189cba6a77d0e6902786c70761d112f97d9c367412cc22b0fad94011
SHA512 d0eed6608ef9f6ca4c58d6f657f9edc554cada84efa283cc0ccff00a1a493a060092a91328a01a8c75bace977f60c0a7f842631ec1f846e3a59b3495cd25c9bb

C:\Users\Admin\AppData\Local\Temp\12aue57ec73\bin\BugReport.exe

MD5 5eab02dbe532a55e0b8917c56ce2e362
SHA1 091cc3a7c45a4ac0b884154b780442b0460e7ca8
SHA256 5be5f2f1d16d1473e9c096f4063ff01797a80e6f533b258c96a373584584eafd
SHA512 8fef3a03fd755c59005962a1461c43da63543ed474602f48b8458a9cf9fbd1a36b36a947dac71330844faf5d0e0235bcb379a44bdd8fa4f70cd2bfd167b965bd

C:\Users\Admin\AppData\Local\Temp\12aue57ec73\bin\snapshot_blob.bin

MD5 af2242ad79aae7cd9922d4e6f634f5fb
SHA1 12be71aea2a9c043d01e87bf8fc52d02f3c8ec3c
SHA256 e2712545a56e648005f0945579472a6ac8ea14959503e9199cf1ee0e7fabdede
SHA512 f17bce35378071c85bc0b986c22e2f606307603ea8f6b0c313632e84be931cd0aa5ec764b9c9a2c4021ff0b0a97628c210f30cadd0970d7d358bb56d69728f3c

C:\Users\Admin\AppData\Local\Temp\12aue57ec73\bin\natives_blob.bin

MD5 d0645f36f5d0fdf9e8502908cb7096aa
SHA1 d2442b26c40e45a00c1c3f5a88e9798606aad71e
SHA256 bb6a54a7414519312130fc364128d9464c3d0763e42b018ed29db22a2e389dd8
SHA512 73d14a588d9fed22e6109a0043cdb1cb75c665ac802555e8903679274e505d36d5d1e3e032e890311c88053a30029ce76eefd97b09211faaad6834fafb677e98

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qb.exe

MD5 32cebf22bf1b0a89b4e81b917e5c7683
SHA1 6f05de39211a271a31b07d9fea8f3874b20c3e7d
SHA256 46fd7ef6d1c2c4e82d4df3218b55dae2e6ca2cdd04bdc009d19f38dd6337b54e
SHA512 8a846fbf8b552bc8db72a435a7a32f3563d1cba3e1799969e049c521f1e073b69c87a3135ae9349777f32d2ac10c5999285645ce68fe3705768c0aa80299145f

C:\Program Files (x86)\Tencent\QQBrowser\navi.ico

MD5 9a20e850981bb21d880808137f3eb010
SHA1 87f8b703f49aa85d4e09e0ec622cc474bf6d1659
SHA256 2066385679089ac2483795e73a4e492b5d875232bc971bb22f0951866b56de00
SHA512 570179ae9859ecc49096f10a42b22e66909126afbdccfa0112a76db11abfa2654ed6b500e8ce21a465f404d03c76122ebfda11d78f6f5acafda6194ce233b946

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\uninst.exe

MD5 6692f41cd02e839a491996b43a312d5f
SHA1 ba746167cb1a67b6e77aaedcbb5a29b225113ff7
SHA256 223e5b801f347022d9aa42010a36961e10e7440ed99d7712661841e64e2323ed
SHA512 21bde796bfdf8e6df91290631f9ee7d63b37f179fe24a11178475cccf89d1d9604a8515afc7825757cfb8bec3f0607508d30efc4dd2f0936599306e39108cfbd

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\PrScrn.dll

MD5 5b32ab8b61c19ba40d1cb93ab3c31917
SHA1 d05f572399d4ba0606db705207656cbe549a9f68
SHA256 e64d6ac64cfb1dcc2cf062bd2fa4cef1e01f6f9ef5d7534f8e95e195a48dca50
SHA512 f5b07ee841043a9c7100e206cfeb57dd316bdfc5f1fcbeb9dece1e2badf6d59b27fde7353096e2a8cc159df7ff156d09a625659513694a87cb701b869816c0cb

C:\Users\Admin\AppData\Local\Temp\12aue57ec73\bin\QQBrowserLiveup.exe

MD5 615878bb4b3e98caf6b3e25c199573fb
SHA1 d88bb05e57ec805c3837ca2bec4b238a0d92847b
SHA256 fa2212f08b4232252024cb3430fd82373cb1f8a95b3f0eb1133714125ded367f
SHA512 3fc479974026001090efd2498066636a4fff9200f0210af4c9bbde82e8d3ed2a61db14ba187f7c21214106a6d9c8fd623521c14e73d38bb6a5edff529cd6227a

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx

MD5 bc35dd8db0134a9a4d72b6b641d4c3d2
SHA1 daa4adcbbe450edd3feeddde617a99ceef7abe01
SHA256 69652a0d072eeab53df690c901672741ac47e5177b3db097be60946ebb19706f
SHA512 b65b7432ba08a1e39052a1b58d4a4cddf212012dd2877a65118baeba527134bca4305600af86dc35a4679a263444cce5f7f77dfaa48445cf78f131ae8e0f0fd7

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\extensions\NetService.crx

MD5 8fa18bac4d634e866db77b20567cfb94
SHA1 76b7a7fef39133eb9b7c1c7291308c2411e143c2
SHA256 ef8176f0291a9568142503f70bb27dbd44a0c887218b5cbc2f79f1ad8add2eaf
SHA512 facfa6dd453ca9bdbaf71db46977474fc581e18e5268c08c9d5eaca319e4e56b1ffa1713244da342b2d894d20a1ea44415ce0ca1d2cd7b72b54cb788134153a0

memory/3216-340-0x000000006FFF0000-0x0000000070000000-memory.dmp

memory/3216-339-0x000000006FFF0000-0x0000000070000000-memory.dmp

memory/3216-338-0x000000006FFF0000-0x0000000070000000-memory.dmp

C:\Users\Admin\AppData\Local\Tencent\QQBrowser\User Data\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.103\manifest.json

MD5 052b4574459359dad6219da8f690243e
SHA1 776db69df5690415e566a65814d4df3cec5e838d
SHA256 bef816cf2b5611e343b490e31494168feda0e01d5abede3675c2678284445349
SHA512 1ef217e48cd7f46299a6796965e4f2e731bcc247a8dfe3c25e4344dc57fc46779e0ddbeb0b58b9b943934cafe4bc95c8e642e15d03f5fa125dab7830828441ab

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\webp\WebpDecodeFilter.dll

MD5 6f069180da502b676d0b5c3cb0f5d09d
SHA1 5e8219473af1347a2a7c756fa5641d1f57f7262c
SHA256 cf3232a4e7fee0279ee7b6a6086393282cb7ec9ed3088832777336bcac380bd0
SHA512 07a8e8e84b9954b5e6241bdb42d7cacd6101c9b1a0b9dfd505b2e2dd80b234132d59bd8841bbf0ae003cefb19fccb0f4978dd4c269751a974841c2ebfd1216f3

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_28815\CRX_INSTALL\QQPCDetector.dll

MD5 59cab61b1351cbea3ffeeba2e823a657
SHA1 173521dee8ee034007aecf618218602ae70d7cf6
SHA256 4f5a5d9f012f5e5a8a814fe47542d0e533a530fbf319bee8b737d02414a37b04
SHA512 3c0d694481a153d158690225f648f592284eeb654188f4eeb39a714d834d4f31244f2ca4f19606f3fd2df9ee48477c302eb1af06eb5c171e66b8bd7520b03466

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_28815\CRX_INSTALL\NetService.dll

MD5 56a16e60343ecb6b3f41e8fa8141453b
SHA1 b924cb860c664b0159a6b3623951ed6af697b35a
SHA256 db7203efd83d0f4a3e30b4395c3f0767d88b354453732cff7d49bd84723d77c2
SHA512 dc10c17d20bfb5edb4e951778d2cae7835134fd6c06bdcccdd1cc82dfed6f494bc40087894f1df91dbaf39316a4bba3f6fbf0c795060aeab9254735ce3921b87

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_28815\CRX_INSTALL\manifest.json

MD5 600d6e7973cbc4349bdcc7f5802f84eb
SHA1 913dc308e8f130776d0fef922514d29b40cdfcf2
SHA256 03ef642412c281ab2164d9337d55f8cd6f754b7363c22cbb0209e41cadf02d9f
SHA512 60c579fa1675ae4b6b1973742c090c38eae1f40651b44752b5cf24ede0654ff71aa078a0a9f5593013720d8b5f9322da417f262e3acca0e0db3f62cb6a01bddd

memory/3216-390-0x0000000075A30000-0x0000000075C45000-memory.dmp

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\qqbrowser.exe

MD5 5725b85d3ba9e4f59bbad8cf47c023df
SHA1 471e9b2e6bfa5407f7feb128841b19068d5130fa
SHA256 4a589d4fd00050d4876a93b2c3fa4c8d20f8f04e8a6f44ecd3c5bde5a2c950b4
SHA512 8337c3cfbff7109e640b18cc03cafec8d2460d44d731daa9a1b2db49b83d0429073d7d0d1b0ab95014df9253f24a026a2a712d590ba180de4d1f4c1e7c9e631f

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_13303\commenExtension.crx

MD5 ef2e23b5d3a7afcdc15f096454aff823
SHA1 1c5f567c2e37107c35f48dd3bc0e1b5ab6d5703f
SHA256 5fcb04f2c7eddfd26094c7e2ecdf4fdcf534ee534ee7419ded4a9980b7417920
SHA512 42fa87061ecdbfb3967c0594d2510d7b84dbbad46120b17e7b90cf2a4766d9aa11ab7edc4caa400156e5067ec711543287df992d221bd1f605df7586e8a19d37

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_13303\CRX_INSTALL\s5-iframe.js

MD5 f18e722574afa2aa1ab3f40038cda1ee
SHA1 cf0a5e1b4d65ecb4c8c8f0a2b462934e92761057
SHA256 8973611a1b1139b0cdd56d3063ae097fb3650486459443c7d7fb92c3ff5b47da
SHA512 c77cdd1a18ae8ca6c0bc786624e84d476590a2851fc9795a35e12000417d9a972d647ba1cadfc198fc3816461834093c4054548c82d676e8755971ae8012cc3e

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_13303\CRX_INSTALL\manifest.json

MD5 f89a7d8de54e0d2bcb8e51949ebffb7f
SHA1 271b636640cdcaffb568f8b0a0a5ef48e30108f5
SHA256 fd2183fd4500ff8e7c21e71355dbdf4b25825b5924da463a4cb3bc2b66950ab4
SHA512 074c3d1407246f8114374d5c9a9aee9e9a2d96de6dae52c4cde987f615012896e07fec77e35eccbe21c8143fb8b41703fb0fada9838a92f57c630e71013725f6

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_13303\CRX_INSTALL\background.js

MD5 d503e0f5c5212c4fa41f6f449ca6a431
SHA1 dd858ee3273cbbb76a7a6c004d94c6ec093e2d21
SHA256 1648061fecea0109745e76356c483f4bd6ed4bab5dd91bc1577c922e2e66ec24
SHA512 827d061b354b6af1856ee933e45fbd2ce9a13a32c162aa889c02aaf7cb9cd7686b30d31676d0b091c5dcf63c970be47038ebc1d95b7f4a16fae50cb54cf67a16

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_13303\CRX_INSTALL\background.html

MD5 e47a0afeb88b3a08052ca652dc371b7b
SHA1 bf54c142aeea010f509e777a2b2b5ac6dd363a73
SHA256 f97b49e5ef5b501158639553054da4bc1b4e1489914f6b15b27a4aac440959b0
SHA512 6c6fb2541daef529089d9161d4a9b91e0c27181d572448b4a023f5cefbd1233f58a632151872450301b129927c4f223b0eaaae7fcc45210fa245ffbc3e480056

C:\Users\Admin\AppData\Local\Temp\FC73.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_12363\video_box.crx

MD5 6ec058cbe9a865cb8fc39697803771b4
SHA1 e93439676848e04a6bd3987e605d08f15617fd5c
SHA256 1afba1d1746e2fb3ea0bc8ec06f78cd468085f747054944b7613787328a6213d
SHA512 8ed5a4a847356195611b9dfa438eed0099f28f511e9eef1734707f86ceec4c6350ff8199a63c9aa9092b8fb0761b3e5d2518143937b4d3d9b6666a67ffbcfe7c

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4584_22484\QBFixerPlugin.crx

MD5 3cd510e82067a5aa6fbd5bc9cc90e941
SHA1 a5e0d0a0bd646d397e73b96a9fc7c85384492d20
SHA256 d8cffdca848ebdd79e5d12128363e31c7a8982c4a97c3239c0a114aeac28533d
SHA512 0050c668347c10c2344bd3f61c1b9ce5559f24b9b7ad1ddda63063428296ca818599de2fe48812a442c2916cccb0120b606b31c3f302ba3cad03e09f4c70a26d

memory/3500-538-0x000000006FFE0000-0x000000006FFF0000-memory.dmp

memory/4584-535-0x0000000075A30000-0x0000000075C45000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件\QQ浏览器\QQ浏览器.lnk~RFe57ff20.TMP

MD5 8364741c8d2db613988b0b7b2a2e7dd5
SHA1 1616cf4fc5a8327b2a0ab4a1bb994b4b312e2f29
SHA256 8829d4719507518885827faab574b25d622cbb883f571185bb6b8d3ca2d37ae2
SHA512 ad6f57cd06ecaf68189351a4f832b7bb60cd4bc7537d75376417853673b605240354129d7efead31b3803f3592b17317cfbfa8f5a92c4f41d9336c492890c341

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件\QQ浏览器\QQ浏览器.lnk

MD5 9364a4c79a3be45be5bf4adf5b8d03a0
SHA1 0408b5f56f0643aef2b74af353c8fec6bd8d808b
SHA256 3b7cd1b768ff69202e51b718f4b2a77b3f58954e0a3702f958b1f2fbc3896632
SHA512 96a0e8ba403a588b7c1f9b458a7a556a732034c27b2be248448a76f7e4a4cb79108fac9daf47565e65b60b567f5c8abdb5cbf444ee8af62fa1fe3a89c46c4ed6

C:\Users\Admin\AppData\Local\Temp\UserPinnedTemp\QQ浏览器.lnk~RFe57ff7e.TMP

MD5 8da392c07513d57fb0f6104a376e3dd8
SHA1 5faf9d99cdb29f7a7a000a146358e9454ee9232c
SHA256 c9aac45a2877f6b59665be956a054471f70b7f7812147aeab2852ce36a686bfd
SHA512 6f265502527a5b6a86bd568751330819cf7b2046b7393dcae2439ad99721921195f400403d61a0baa9460f22cac29bc1a78691305dbb99443d64ed3a421bf1a6

C:\Users\Admin\AppData\Local\Temp\UserPinnedTemp\QQ浏览器.lnk

MD5 b4ae37e88d051616413ff908850dab63
SHA1 8f046b2e2c6adbd5d9d7fe03754ba4e77c0871e7
SHA256 6653ce03af23c22197e4433a818c728f4eb30565a171527d0d80fb47df49460c
SHA512 2adc207db3f1ff24dcd86ce224f4ba2bb02bc77e43fe8607204ef0ceebf43cbdef67dfb86a493a301404366bcf4831104b5f8e1895ebb2189cb63dcf461a18a4

C:\Users\Admin\AppData\Local\Temp\UserPinnedTemp\QQ浏览器.lnk

MD5 7d87276fba417049b294c8c17e0586ba
SHA1 b35d54a9a5068092bac68662d3c9054f73e0497b
SHA256 02a32cf60d625ded86483410023ef8c358e1209841e5742ad9c0427c09c8d75a
SHA512 0b35e1c5cf90bb6baadff4728147d83a4d3749436e5279af6d2aeedc4c5560edefc0950d94b9ed382488995638b01162ea885cf1eb5b31aae3f39cf0105db0ac

C:\Users\Admin\AppData\Local\Temp\UserPinnedTemp\QQ浏览器.lnk~RFe58020e.TMP

MD5 240aeecadac15e6247581763c8bfc78b
SHA1 8d379d7ccc1e3abb31145fdff1ac5819d9e3ce05
SHA256 8bd63ea1cda6b98f18cf1f6dd5f5410fdaeda28882bffa3916dc2559377abcfa
SHA512 6554466210efbdce0bda6d94334e04aac7b41d6ec93a1f776769b4f63a9d41a2be375f72e87ac94f6f0756b39c865aa97cbe41c852ad96699114167336855463

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QQ浏览器.lnk

MD5 c9b47b582c96867c1ad7b95878f230f6
SHA1 c9e95f3d2d8cfa59ed31b3218d0a1a6f38f00d14
SHA256 f7fb8c98b2322c1721c3b5a2c3942c9ff06c0d975d55131b3515329f0efcb4c3
SHA512 d15ca5bf9c2b01cfa68798ae8a343a5b651c31c19282df9cd2a7db457bd9d70c61e33c5de5c6351af15d41fe8b1981abb034425a3c8bdf04f7680c05f3417df8

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QQ浏览器.lnk~RFe58020e.TMP

MD5 9527d545cb6a97c4138045f654b58ded
SHA1 88fecc86153ded60c92788b8f1d921449b1b0a7b
SHA256 bbf539bc785896792b3c4f60c67484dbbc9e77bc4358ed372226650bd5e65f09
SHA512 5bcde58c92cad502c3ef7441f9afd239c6ed0da80a91475debc9344e6116dd08c0f04dbe5da5a17365fb505b2648801e4c1f47386ee50e79384cd6e02ad419b0

C:\Users\Admin\Desktop\QQ浏览器.lnk~RFe58027c.TMP

MD5 18a1167aa445ce475fe6ce81a0af7296
SHA1 de4220523390fa1bf811cce8e82038a3d7eb6a3a
SHA256 39231dac9dbb825a4c99844e10b0d2e187c999e185dd646a9f69e89814f28358
SHA512 215a578fa6526fe86de68b8793577d09005b0d06ccee3c95210d39979bfbd92259341b1411a8ef39fdb66b0b9acd254aba7778fc91d70cb776b2154d6997eea9

C:\Users\Admin\Desktop\QQ浏览器.lnk

MD5 61c8228d8f9a387dec09fdb23f67f180
SHA1 6f9644a40ee4e6a774f61cd5f18255995e865d57
SHA256 77478d9e531558c6b270a852a5bf30869195b1c1c66f1172677021e7e8faffe7
SHA512 3c8d26c99f01398226eedc0a857e89338be5084378ebe6493f6a8b5351752b537db3e2956cb4d3924ef47672ce69771e9346c8e82388a3889288f34a4a1e2e13

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\amd64\tsqbdrv.sys

MD5 b532e6c5bd4ed4932cf4eee3723d01d5
SHA1 475f5f098ed9df549d59185faa33c91f0c351fb0
SHA256 8b7cd3bb7c7c57dfe35a4f01a7007198439b6dc81a3b081e77e675fb53cd7c86
SHA512 34da35d6798a59ba2d0dd0b8e42aff25012f18102a5bbda77ac67cd75de3ea50dd98d75d2713ae6ad35b4985f34d2274bad40b2583e6fb20aede0534d1941e9d

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\driver\TsQBDrvDll.dll

MD5 fa8c9e95d8131746021981204bb24c03
SHA1 9376312d76750816597d92c8b36e57d41937bff5
SHA256 44353e1a7e8aaa564e53daa0285c5784b4707636c34da28e0c8d8a219279b529
SHA512 e0d2ee6cd34bcce44c30cae9fdda9ef962179449fb68a12a49caed92c97a7ea075517bbc2d91ddf81121bbed08e1e614adc67e0ae925923261eadf8d8907888c

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\service\TsService.exe.new

MD5 cdacc4c6291e558d3a8f2da158e9c3c5
SHA1 82a70615b901cdc0f8e75888c741875da4855bee
SHA256 9eeee667becc54cc67c2f96631e4abe88e582795a5a361c327e67b5ad665bf0a
SHA512 72b1700b55009b20491a831ad6fba059ab07da95fc7078b1618590a82d483c24d42595a6bc061144267b4ca6406fdd81f857d8434ecb41220bca4eb6771fe9cd

memory/996-708-0x0000000075A30000-0x0000000075C45000-memory.dmp

memory/4268-701-0x0000000075A30000-0x0000000075C45000-memory.dmp

memory/860-722-0x0000000075A30000-0x0000000075C45000-memory.dmp

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome.dll

MD5 e72fe85d406843af9cff53044291bb14
SHA1 5512971045d88dfed1673016cbbb332821441653
SHA256 40dc8b1bd35a6f78f800f8d8fe3ce3fd40c6dd98d38a10628277d4870f757f51
SHA512 a2209d4f1841d026a7e7b828b87e0aecbb32324cbe80ed0cd00151651a8809aa7bacde0d02f4fff01e9c57c2a61050ad31cdf15ec93eaeaeb56add257c568b91

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\chrome_child.dll

MD5 c6876f0faad1989ee8406b6b6edba00b
SHA1 81400b8735881643f7002fe19d816c726a28dbf0
SHA256 4b6466df99d4709513bfb7cc9e1a0419606f4d0b34ce35f502beffb1ec21c889
SHA512 540c0051807024cd5ccfed6521649950d7c4793c70998ac5c4ad51f6b89fd74333f23c7342e09e3ae8ab3c66b36ed11be32e1ba1266c09bb82090078dc897e1d

memory/1204-730-0x000000006FFF0000-0x0000000070000000-memory.dmp

C:\Program Files (x86)\Tencent\QQBrowser\9.3.7080.400\F1Frame.dll

MD5 a912a3a846b7f5a480a8e9d91382cd35
SHA1 f53b3631eced69da79fce1508974d49511666a3a
SHA256 ab3b482cf7f146595153b8b3b4be2820f06825e71128bb42c5f1fcbaa4b787f8
SHA512 c26e6c8054f1921391c428553edae24bfd1afea7eaf2c0dae699997165edb4b821fd0e45075c8524c838e5da5b36b7dd9a1744053a66a72b952bdab072ed4231

C:\Users\Admin\AppData\Local\Tencent\QQBrowser\User Data\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.103\QBSafe.dll

MD5 cbad84f42aa44031511f8d1dff5297c9
SHA1 b7a1d30392fb29a0aef425e2afdfd6126ded4203
SHA256 4f06ecd993de1a299a52ba59388966bdad19c52c4e7c21564153be05c7381f28
SHA512 d471f4c0bb6f8b4a83f4f2c47866b7a3e342f3adbcd190b2d8cd4a6d16842fc9cf2da5d1a663c9135916f9ae48381b6ea77bb4bfe151c3e670baf266f638cd51

memory/1204-729-0x000000006FFF0000-0x0000000070000000-memory.dmp

memory/1204-728-0x000000006FFF0000-0x0000000070000000-memory.dmp

memory/1380-741-0x000000006FFE0000-0x000000006FFF0000-memory.dmp

memory/3500-744-0x0000000075A30000-0x0000000075C45000-memory.dmp

memory/1204-746-0x0000000075A30000-0x0000000075C45000-memory.dmp

memory/1380-748-0x0000000075A30000-0x0000000075C45000-memory.dmp

memory/1204-752-0x0000000075A30000-0x0000000075C45000-memory.dmp

memory/1380-760-0x0000000075A30000-0x0000000075C45000-memory.dmp

memory/1380-766-0x0000000075A30000-0x0000000075C45000-memory.dmp