GridinSoft Threat Intelligence

858Jp63y9.log file report

File reputation report (status: under review)
MD5 2814acbd607ba47bdbcdf6ac3076ee95
Latest seen 2022-12-04 23:24:38 (3 years ago)
First seen 2017-05-21 04:03:28 (9 years ago)
Size 74 KB
Publisher Tencent
Product QQ电脑管家

Why it matters

Evidence available for this file

Detection

No final classification is available yet.

Timeline

First seen 2017-05-21 04:03:28 (9 years ago); latest analysis 2022-12-04 23:24:38 (3 years ago).

Publisher context

Company metadata: Tencent. Product metadata: QQ电脑管家.

Digital signature

Signed by Tencent Technology(Shenzhen) Company Limited. The signature is reported as valid, but signed files can still be bundled or abused.

Aliases

This hash has appeared under multiple file names, which can happen with repackaging, bundling, or deliberate renaming.

Observed locations

ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.

Recommended action

What to do next

  1. Use the hash and metadata below to verify the exact file identity.
  2. Review publisher, signature, paths, and PE details for inconsistencies.
  3. Run a local scan if the file appears unexpectedly or starts with Windows.

858Jp63y9.log is a Windows file recorded in the ThreatInfo database. It is associated with QQ电脑管家. The reported company name is Tencent. The current detection status is Undefined, based on the latest analysis from 2022-12-04 23:24:38 (3 years ago).

ThreatInfo does not have a final classification for this file yet. Use the technical details below to compare the hash, size, signature, and observed locations with the copy found on your device.

Product Name: QQ电脑管家
Company Name: Tencent
MD5: 2814acbd607ba47bdbcdf6ac3076ee95
Size: 74 KB
First Published: 2017-05-21 04:03:28 (9 years ago)
Latest Published: 2022-12-04 23:24:38 (3 years ago)
Status: Undefined (on last analysis)
Analysis Date: 2022-12-04 23:24:38 (3 years ago)

The signature on 858Jp63y9.log is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.

%commonappdata%\tencent\qq\report
%system%\config\systemprofile\appdata\roaming\tencent\common
%commonappdata%\tencent\qq\qmdr
%localappdata%\temp
%appdata%\tencent\common
%sysdrive%\adwcleaner\quarantine\files\cdjdkflrsbzkfeeevfyfxufroanuymfp\common
%sysdrive%\adwcleaner\quarantine\files\terszcqqfscukrqnirpgyzhpkswxhflt\qq\qmdr
%sysdrive%\adwcleaner\quarantine\files\terszcqqfscukrqnirpgyzhpkswxhflt\qq\report
%programfiles%\tencent\qq\bin
%sysdrive%\$hardlinkbackup\programdata\tencent\qq\qmdr

ThreatInfo has observed 858Jp63y9.log in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.


This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.

Windows 10 73.4%
Windows 7 20.6%
Windows 8.1 4.5%
Windows 8 0.9%
Windows XP 0.4%
Windows Vista 0.1%
Windows Server 2008 R2 0.1%

The most common operating system signal for 858Jp63y9.log is Windows 10 with 73.4% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

858Jp63y9.log is identified as a PE (Portable Executable) file for 32-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Format pe
Architecture 32-bit
Subsystem Windows GUI
Entry point 0x0000a22a
Image base 0x10000000

PE Sections:

Sections 5
Raw data 65536

Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.

.text 40960 bytes · 62.5% of section data
MD5 281b9b463b1027fdfdad53d8d7dd162f
.rdata 12288 bytes · 18.8% of section data
MD5 3aebad4c0d3c47b62636d29b738d2234
.data 4096 bytes · 6.3% of section data
MD5 eb4e959b40af92b81efe918515a58ddd
.rsrc 4096 bytes · 6.3% of section data
MD5 865d92341f6b058e49614f1402313e83
.reloc 4096 bytes · 6.3% of section data
MD5 da831e48a1a2bd891f413eb835dd39a3

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

Report conclusion

This file is still under review

ThreatInfo has not assigned a final verdict yet. Compare the file hash, location, signature, and publisher before trusting the file on a production system.


Recommended next steps

  • Compare the local file MD5 with 2814acbd607ba47bdbcdf6ac3076ee95.
  • Check the file path, publisher, and signature against the details in this report.
  • Run a GridinSoft scan if the source, path, or behavior looks unusual.