3eeab0e2bbd7e74117cf4d36fa98a7d0125fc46161a1193f0b72fca297f5c8ac

Analysis

max time kernel
297s
max time network
308s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
29-07-2022 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Softonic setup manager (WeChat) _mhnxx.exe
Size

5.1MB
MD5

5347d1465f1abfbe142bee26234c2d42
SHA1

43aa39e7c91122fac3ceff37278f878eb60df870
SHA256

3eeab0e2bbd7e74117cf4d36fa98a7d0125fc46161a1193f0b72fca297f5c8ac
SHA512

afe6c2b058056813ef2f6642c5e4593c37bfc12b38f7f8990e3a923e56922a7c2647eb2e214d7da22de60648475bf59b2b3a9f4818f2861dbc37f9f8e10815bd

Score

8^/10

discovery evasion spyware stealer

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 5 IoCs

Processes:

Quick_Driver_Updater.exeQuick_Driver_Updater.tmpqdu.exeWeChatSetup.exeqdu.exe

pid process

1824 Quick_Driver_Updater.exe
832 Quick_Driver_Updater.tmp
1588 qdu.exe
568 WeChatSetup.exe
988 qdu.exe
Modifies Windows Firewall 1 TTPs 6 IoCs
evasion

Modify Existing Service
T1031

Processes:

netsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exe

pid process

780 netsh.exe
1076 netsh.exe
904 netsh.exe
364 netsh.exe
1696 netsh.exe
1056 netsh.exe

pid	process
780	netsh.exe
1076	netsh.exe
904	netsh.exe
364	netsh.exe
1696	netsh.exe
1056	netsh.exe

Loads dropped DLL 23 IoCs

Processes:

Quick_Driver_Updater.exeQuick_Driver_Updater.tmpWeChatSetup.exeqdu.exe

pid	process
1824	Quick_Driver_Updater.exe
832	Quick_Driver_Updater.tmp
832	Quick_Driver_Updater.tmp
832	Quick_Driver_Updater.tmp
832	Quick_Driver_Updater.tmp
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
832	Quick_Driver_Updater.tmp
988	qdu.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

Quick_Driver_Updater.tmpWeChatSetup.exe

description	ioc	process
File created	C:\Program Files\Quick Driver Updater\langs\is-CTAG0.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\WeChatResource.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-crt-utility-l1-1-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\protobuf-lite LICENSE.txt	WeChatSetup.exe
File opened for modification	C:\Program Files\Quick Driver Updater\qdu.exe	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\is-O8HL6.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\is-6PO7J.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\msvcp140.dll	WeChatSetup.exe
File created	C:\Program Files\Quick Driver Updater\is-P2JVU.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-core-memory-l1-1-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-core-timezone-l1-1-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\mglibGLESv2.dll	WeChatSetup.exe
File created	C:\Program Files\Quick Driver Updater\is-GOB96.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files (x86)\Tencent\WeChat\WeChat.exe	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\ffmpegsumo.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-core-synch-l1-2-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-crt-runtime-l1-1-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\libFFmpeg.dll	WeChatSetup.exe
File created	C:\Program Files\Quick Driver Updater\dp\is-HVD8U.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\WeChatUpdate.bin	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-core-namedpipe-l1-1-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-core-rtlsupport-l1-1-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-core-string-l1-1-0.dll	WeChatSetup.exe
File opened for modification	C:\Program Files\Quick Driver Updater\dp\qduverif.exe	Quick_Driver_Updater.tmp
File opened for modification	C:\Program Files\Quick Driver Updater\Delimon.Win32.IO.dll	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\is-8LHS9.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\msvcr120.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\plugin_info.ini	WeChatSetup.exe
File opened for modification	C:\Program Files\Quick Driver Updater\Microsoft.WindowsAPICodePack.dll	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\unins000.msg	Quick_Driver_Updater.tmp
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\AndroidAssistHelper.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-crt-locale-l1-1-0.dll	WeChatSetup.exe
File created	C:\Program Files\Quick Driver Updater\unins000.dat	Quick_Driver_Updater.tmp
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\WeUIResource.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-crt-heap-l1-1-0.dll	WeChatSetup.exe
File opened for modification	C:\Program Files\Quick Driver Updater\dp\qdureppath.exe	Quick_Driver_Updater.tmp
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\tinyxml.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\duilib license.txt	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\WeChatSpt.exe	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-crt-stdio-l1-1-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\dbghelp.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-core-console-l1-1-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\vcruntime140.dll	WeChatSetup.exe
File opened for modification	C:\Program Files\Quick Driver Updater\dp\7z.dll	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\dp\is-LTATQ.tmp	Quick_Driver_Updater.tmp
File opened for modification	C:\Program Files\Quick Driver Updater\unins000.dat	Quick_Driver_Updater.tmp
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\API-MS-Win-core-xstate-l2-1-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\sae.dat	WeChatSetup.exe
File created	C:\Program Files\Quick Driver Updater\dp\is-I8PDU.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\is-SPOC8.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\langs\is-64CJK.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\XFilesOfficeReader.bin	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-core-interlocked-l1-1-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\WeChatWin.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-crt-private-l1-1-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\wcprobe.dll	WeChatSetup.exe
File opened for modification	C:\Program Files\Quick Driver Updater\Microsoft.Win32.TaskScheduler.dll	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\is-98VHF.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\is-F1F40.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\api-ms-win-core-debug-l1-1-0.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\[3.7.5.23]\msvcp120.dll	WeChatSetup.exe
File created	C:\Program Files (x86)\Tencent\WeChat\WeChat.lnk	WeChatSetup.exe
File created	C:\Program Files\Quick Driver Updater\is-KFLMS.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\dp\is-HU0PD.tmp	Quick_Driver_Updater.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

2024 schtasks.exe
Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

796 taskkill.exe

pid	process
2024	schtasks.exe

pid	process
796	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

Softonic setup manager (WeChat) _mhnxx.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-335065374-4263250628-1829373619-1000\Software\Microsoft\Internet Explorer\Main	Softonic setup manager (WeChat) _mhnxx.exe

Modifies system certificate store 2 TTPs 24 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Softonic setup manager (WeChat) _mhnxx.exeqdu.exeqdu.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Softonic setup manager (WeChat) _mhnxx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	Softonic setup manager (WeChat) _mhnxx.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Softonic setup manager (WeChat) _mhnxx.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Softonic setup manager (WeChat) _mhnxx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Softonic setup manager (WeChat) _mhnxx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Softonic setup manager (WeChat) _mhnxx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Softonic setup manager (WeChat) _mhnxx.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Softonic setup manager (WeChat) _mhnxx.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-335065374-4263250628-1829373619-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf1800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	qdu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Softonic setup manager (WeChat) _mhnxx.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Softonic setup manager (WeChat) _mhnxx.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	qdu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	qdu.exe
Key created	\REGISTRY\USER\S-1-5-21-335065374-4263250628-1829373619-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	qdu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Softonic setup manager (WeChat) _mhnxx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Softonic setup manager (WeChat) _mhnxx.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Softonic setup manager (WeChat) _mhnxx.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Softonic setup manager (WeChat) _mhnxx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	qdu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	qdu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	qdu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	qdu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Softonic setup manager (WeChat) _mhnxx.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Softonic setup manager (WeChat) _mhnxx.exe

Suspicious behavior: EnumeratesProcesses 37 IoCs

Processes:

Softonic setup manager (WeChat) _mhnxx.exeQuick_Driver_Updater.tmpWeChatSetup.exe

pid	process
1112	Softonic setup manager (WeChat) _mhnxx.exe
1112	Softonic setup manager (WeChat) _mhnxx.exe
1112	Softonic setup manager (WeChat) _mhnxx.exe
1112	Softonic setup manager (WeChat) _mhnxx.exe
1112	Softonic setup manager (WeChat) _mhnxx.exe
1112	Softonic setup manager (WeChat) _mhnxx.exe
1112	Softonic setup manager (WeChat) _mhnxx.exe
1112	Softonic setup manager (WeChat) _mhnxx.exe
1112	Softonic setup manager (WeChat) _mhnxx.exe
1112	Softonic setup manager (WeChat) _mhnxx.exe
832	Quick_Driver_Updater.tmp
832	Quick_Driver_Updater.tmp
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe
568	WeChatSetup.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

taskkill.exeqdu.exe

description	pid	process
Token: SeDebugPrivilege	796	taskkill.exe
Token: SeDebugPrivilege	988	qdu.exe
Token: 33	988	qdu.exe
Token: SeIncBasePriorityPrivilege	988	qdu.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

Quick_Driver_Updater.tmpqdu.exe

pid	process
832	Quick_Driver_Updater.tmp
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

qdu.exe

pid	process
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe
988	qdu.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

Softonic setup manager (WeChat) _mhnxx.exeqdu.exe

pid process

1112 Softonic setup manager (WeChat) _mhnxx.exe
1112 Softonic setup manager (WeChat) _mhnxx.exe
988 qdu.exe
988 qdu.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Softonic setup manager (WeChat) _mhnxx.exeQuick_Driver_Updater.exeQuick_Driver_Updater.tmpWeChatSetup.execmd.execmd.exe

description	pid	process	target process
PID 1112 wrote to memory of 1824	1112	Softonic setup manager (WeChat) _mhnxx.exe	Quick_Driver_Updater.exe
PID 1112 wrote to memory of 1824	1112	Softonic setup manager (WeChat) _mhnxx.exe	Quick_Driver_Updater.exe
PID 1112 wrote to memory of 1824	1112	Softonic setup manager (WeChat) _mhnxx.exe	Quick_Driver_Updater.exe
PID 1112 wrote to memory of 1824	1112	Softonic setup manager (WeChat) _mhnxx.exe	Quick_Driver_Updater.exe
PID 1112 wrote to memory of 1824	1112	Softonic setup manager (WeChat) _mhnxx.exe	Quick_Driver_Updater.exe
PID 1112 wrote to memory of 1824	1112	Softonic setup manager (WeChat) _mhnxx.exe	Quick_Driver_Updater.exe
PID 1112 wrote to memory of 1824	1112	Softonic setup manager (WeChat) _mhnxx.exe	Quick_Driver_Updater.exe
PID 1824 wrote to memory of 832	1824	Quick_Driver_Updater.exe	Quick_Driver_Updater.tmp
PID 1824 wrote to memory of 832	1824	Quick_Driver_Updater.exe	Quick_Driver_Updater.tmp
PID 1824 wrote to memory of 832	1824	Quick_Driver_Updater.exe	Quick_Driver_Updater.tmp
PID 1824 wrote to memory of 832	1824	Quick_Driver_Updater.exe	Quick_Driver_Updater.tmp
PID 1824 wrote to memory of 832	1824	Quick_Driver_Updater.exe	Quick_Driver_Updater.tmp
PID 1824 wrote to memory of 832	1824	Quick_Driver_Updater.exe	Quick_Driver_Updater.tmp
PID 1824 wrote to memory of 832	1824	Quick_Driver_Updater.exe	Quick_Driver_Updater.tmp
PID 832 wrote to memory of 628	832	Quick_Driver_Updater.tmp	schtasks.exe
PID 832 wrote to memory of 628	832	Quick_Driver_Updater.tmp	schtasks.exe
PID 832 wrote to memory of 628	832	Quick_Driver_Updater.tmp	schtasks.exe
PID 832 wrote to memory of 628	832	Quick_Driver_Updater.tmp	schtasks.exe
PID 832 wrote to memory of 796	832	Quick_Driver_Updater.tmp	taskkill.exe
PID 832 wrote to memory of 796	832	Quick_Driver_Updater.tmp	taskkill.exe
PID 832 wrote to memory of 796	832	Quick_Driver_Updater.tmp	taskkill.exe
PID 832 wrote to memory of 796	832	Quick_Driver_Updater.tmp	taskkill.exe
PID 832 wrote to memory of 2024	832	Quick_Driver_Updater.tmp	schtasks.exe
PID 832 wrote to memory of 2024	832	Quick_Driver_Updater.tmp	schtasks.exe
PID 832 wrote to memory of 2024	832	Quick_Driver_Updater.tmp	schtasks.exe
PID 832 wrote to memory of 2024	832	Quick_Driver_Updater.tmp	schtasks.exe
PID 832 wrote to memory of 1588	832	Quick_Driver_Updater.tmp	qdu.exe
PID 832 wrote to memory of 1588	832	Quick_Driver_Updater.tmp	qdu.exe
PID 832 wrote to memory of 1588	832	Quick_Driver_Updater.tmp	qdu.exe
PID 832 wrote to memory of 1588	832	Quick_Driver_Updater.tmp	qdu.exe
PID 832 wrote to memory of 1588	832	Quick_Driver_Updater.tmp	qdu.exe
PID 832 wrote to memory of 1588	832	Quick_Driver_Updater.tmp	qdu.exe
PID 832 wrote to memory of 1588	832	Quick_Driver_Updater.tmp	qdu.exe
PID 1112 wrote to memory of 568	1112	Softonic setup manager (WeChat) _mhnxx.exe	WeChatSetup.exe
PID 1112 wrote to memory of 568	1112	Softonic setup manager (WeChat) _mhnxx.exe	WeChatSetup.exe
PID 1112 wrote to memory of 568	1112	Softonic setup manager (WeChat) _mhnxx.exe	WeChatSetup.exe
PID 1112 wrote to memory of 568	1112	Softonic setup manager (WeChat) _mhnxx.exe	WeChatSetup.exe
PID 1112 wrote to memory of 568	1112	Softonic setup manager (WeChat) _mhnxx.exe	WeChatSetup.exe
PID 1112 wrote to memory of 568	1112	Softonic setup manager (WeChat) _mhnxx.exe	WeChatSetup.exe
PID 1112 wrote to memory of 568	1112	Softonic setup manager (WeChat) _mhnxx.exe	WeChatSetup.exe
PID 832 wrote to memory of 988	832	Quick_Driver_Updater.tmp	qdu.exe
PID 832 wrote to memory of 988	832	Quick_Driver_Updater.tmp	qdu.exe
PID 832 wrote to memory of 988	832	Quick_Driver_Updater.tmp	qdu.exe
PID 832 wrote to memory of 988	832	Quick_Driver_Updater.tmp	qdu.exe
PID 832 wrote to memory of 988	832	Quick_Driver_Updater.tmp	qdu.exe
PID 832 wrote to memory of 988	832	Quick_Driver_Updater.tmp	qdu.exe
PID 832 wrote to memory of 988	832	Quick_Driver_Updater.tmp	qdu.exe
PID 568 wrote to memory of 632	568	WeChatSetup.exe	cmd.exe
PID 568 wrote to memory of 632	568	WeChatSetup.exe	cmd.exe
PID 568 wrote to memory of 632	568	WeChatSetup.exe	cmd.exe
PID 568 wrote to memory of 632	568	WeChatSetup.exe	cmd.exe
PID 632 wrote to memory of 780	632	cmd.exe	netsh.exe
PID 632 wrote to memory of 780	632	cmd.exe	netsh.exe
PID 632 wrote to memory of 780	632	cmd.exe	netsh.exe
PID 632 wrote to memory of 780	632	cmd.exe	netsh.exe
PID 568 wrote to memory of 692	568	WeChatSetup.exe	cmd.exe
PID 568 wrote to memory of 692	568	WeChatSetup.exe	cmd.exe
PID 568 wrote to memory of 692	568	WeChatSetup.exe	cmd.exe
PID 568 wrote to memory of 692	568	WeChatSetup.exe	cmd.exe
PID 692 wrote to memory of 1076	692	cmd.exe	netsh.exe
PID 692 wrote to memory of 1076	692	cmd.exe	netsh.exe
PID 692 wrote to memory of 1076	692	cmd.exe	netsh.exe
PID 692 wrote to memory of 1076	692	cmd.exe	netsh.exe
PID 568 wrote to memory of 1768	568	WeChatSetup.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\Softonic setup manager (WeChat) _mhnxx.exe
"C:\Users\Admin\AppData\Local\Temp\Softonic setup manager (WeChat) _mhnxx.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Users\Admin\AppData\Local\Temp\Quick_Driver_Updater_exe_47292022326594282662664\Quick_Driver_Updater.exe
  "C:\Users\Admin\AppData\Local\Temp\Quick_Driver_Updater_exe_47292022326594282662664\Quick_Driver_Updater.exe" /verysilent /ppi=1 /ppinag=1 /ddtime=500 /delay=5 /source=sftqdu1 /pixel=SFT5696_SFT5567_RUNT
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1824
- - C:\Users\Admin\AppData\Local\Temp\is-MH6RD.tmp\Quick_Driver_Updater.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-MH6RD.tmp\Quick_Driver_Updater.tmp" /SL5="$201A8,5773230,1034240,C:\Users\Admin\AppData\Local\Temp\Quick_Driver_Updater_exe_47292022326594282662664\Quick_Driver_Updater.exe" /verysilent /ppi=1 /ppinag=1 /ddtime=500 /delay=5 /source=sftqdu1 /pixel=SFT5696_SFT5567_RUNT
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:832
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /delete /tn "Quick Driver Updater_launcher" /f
      4⤵
      PID:628
  - - C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im "qdu.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:796
  - - C:\Windows\system32\schtasks.exe
      "schtasks" /Create /F /RL Highest /SC ONCE /st 00:00 /TN "Quick Driver Updater skipuac" /TR "'C:\Program Files\Quick Driver Updater\qdu.exe'"
      4⤵
      Creates scheduled task(s)
      PID:2024
  - - C:\Program Files\Quick Driver Updater\qdu.exe
      "C:\Program Files\Quick Driver Updater\qdu.exe" cntryphnno
      4⤵
      Executes dropped EXE
      Modifies system certificate store
      PID:1588
  - - C:\Program Files\Quick Driver Updater\qdu.exe
      "C:\Program Files\Quick Driver Updater\qdu.exe" silentlnch
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies system certificate store
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:988
- C:\Users\Admin\AppData\Local\Temp\WeChatSetup_exe_57292022326442062607610\WeChatSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\WeChatSetup_exe_57292022326442062607610\WeChatSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:568
- - C:\Windows\SysWOW64\cmd.exe
    /c netsh advfirewall firewall delete rule name="WeChat" program="C:\Program Files (x86)\Tencent\WeChat\WeChat.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:632
  - - C:\Windows\SysWOW64\netsh.exe
      netsh advfirewall firewall delete rule name="WeChat" program="C:\Program Files (x86)\Tencent\WeChat\WeChat.exe"
      4⤵
      Modifies Windows Firewall
      PID:780
- - C:\Windows\SysWOW64\cmd.exe
    /c netsh advfirewall firewall add rule name="WeChat" dir=in action=allow program="C:\Program Files (x86)\Tencent\WeChat\WeChat.exe" enable=yes
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:692
  - - C:\Windows\SysWOW64\netsh.exe
      netsh advfirewall firewall add rule name="WeChat" dir=in action=allow program="C:\Program Files (x86)\Tencent\WeChat\WeChat.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:1076
- - C:\Windows\SysWOW64\cmd.exe
    /c netsh advfirewall firewall delete rule name="WeChat" program="C:\Program Files (x86)\Tencent\WeChat\WeChatBrowser.exe"
    3⤵
    PID:1768
  - - C:\Windows\SysWOW64\netsh.exe
      netsh advfirewall firewall delete rule name="WeChat" program="C:\Program Files (x86)\Tencent\WeChat\WeChatBrowser.exe"
      4⤵
      Modifies Windows Firewall
      PID:904
- - C:\Windows\SysWOW64\cmd.exe
    /c netsh advfirewall firewall add rule name="WeChat" dir=in action=allow program="C:\Program Files (x86)\Tencent\WeChat\WeChatBrowser.exe" enable=yes
    3⤵
    PID:2028
  - - C:\Windows\SysWOW64\netsh.exe
      netsh advfirewall firewall add rule name="WeChat" dir=in action=allow program="C:\Program Files (x86)\Tencent\WeChat\WeChatBrowser.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:364
- - C:\Windows\SysWOW64\cmd.exe
    /c netsh advfirewall firewall delete rule name="WeChat" program="C:\Program Files (x86)\Tencent\WeChat\WeChatPlayer.exe"
    3⤵
    PID:1180
  - - C:\Windows\SysWOW64\netsh.exe
      netsh advfirewall firewall delete rule name="WeChat" program="C:\Program Files (x86)\Tencent\WeChat\WeChatPlayer.exe"
      4⤵
      Modifies Windows Firewall
      PID:1696
- - C:\Windows\SysWOW64\cmd.exe
    /c netsh advfirewall firewall add rule name="WeChat" dir=in action=allow program="C:\Program Files (x86)\Tencent\WeChat\WeChatPlayer.exe" enable=yes
    3⤵
    PID:1628
  - - C:\Windows\SysWOW64\netsh.exe
      netsh advfirewall firewall add rule name="WeChat" dir=in action=allow program="C:\Program Files (x86)\Tencent\WeChat\WeChatPlayer.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:1056

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Modify Existing Service

T1031

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Quick Driver Updater\Microsoft.Win32.TaskScheduler.dll

Filesize
184KB

MD5
10b55f05ec011648f5ed0c2476c4abe3

SHA1
d40b05c4af3030232c807073ba05986482bdffe2

SHA256
05ab1bbcb2cce566b6d170011b446c5a34aeed37e73341fd4fbe348fb838930c

SHA512
ee3a2faac5af2e12aaaf288a6ac8fb18f3713395124f9e9d90616f2d546e951c12071a9c15f5411535ae936a9a18ff2d269dd16ad6fc275f6314f05acbe1128a

Download Submit
C:\Program Files\Quick Driver Updater\System.Data.SQLite.dll

Filesize
377KB

MD5
f008d53ef467ba98705ed7d178d0c578

SHA1
f4089c5c4941f8226c9889e6a6b62e63b5bacd4a

SHA256
b648f4071b4f5f89729194c55a83f8643fb8482e43896fea6854409e69d75f3a

SHA512
940bf937fa17e0f42b7f5f380e7678a211eae08d8403ed84f179729732e337033131a63276bf2220709b2388f9e137474a0a378c831b80af170ce6c6104f4892

Download Submit
C:\Program Files\Quick Driver Updater\WPFToolkit.dll

Filesize
456KB

MD5
195ed09e0b4f3b09ea4a3b67a0d3f396

SHA1
01a250631397c93c4aab9a777a86e39fd8d84f09

SHA256
aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456

SHA512
b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098

Download Submit
C:\Program Files\Quick Driver Updater\langs\qdu_en-us.ini

Filesize
84KB

MD5
d541c142e6787ddb6a38e4f9a9363abb

SHA1
7c886aeeef554a03a9d31837805105c3eb9785d2

SHA256
6d1e04b7647987433d4d35c90f0ce7bae21170cdfebf3ea38ef8150cde5839e3

SHA512
fc36ca172bf197f6ad5ec0039f87e76c00f72ab3c1e033492c2bae16a628a27f74f329f3a3ee29b11c2c1a8c718ca90f9deb96e20a1915c8b8c95a50eb476db7

Download Submit
C:\Program Files\Quick Driver Updater\qdu.exe

Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
C:\Program Files\Quick Driver Updater\qdu.exe

Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
C:\Program Files\Quick Driver Updater\qdu.exe

Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
C:\Program Files\Quick Driver Updater\qdu.exe.config

Filesize
3KB

MD5
b6cd223552358a991d62398d8a769bda

SHA1
21c4455118aabf5064f4743007ea31795f07ceac

SHA256
1d890e3d22dbd0177acb4d307b98e5ec491b8085b7ca70c08ef5bd666489b619

SHA512
a019eeefba7672e13891a3ce1c29dbe781535e7e5bb9d035c50bcc1de67c37f4dfa8a46f0972c3f88c8da8db21cc9b1fda139c31350ec9672dd5ee2d685c3b0e

Download Submit
C:\Program Files\Quick Driver Updater\x64\SQLite.Interop.dll

Filesize
1.5MB

MD5
65142ec86e7fe03453efe502a1d8ea1a

SHA1
f6731a02884073edc41ace74569a31f95ae3d8f3

SHA256
39785f30001d4a858e968d93a5e2cef0717fedc6cf668f557854b374ece54f4f

SHA512
576c95bd82dc53b73d487b94bf4e5ac0914289ae99d3696eb9f66b69b7119422d6b400d47b5a31367820494b61679ffed7c04cfd5acb24a2c13ec3cb2b4ad497

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
765B

MD5
a9627cecd2dea81b527d31962ffa1e4c

SHA1
8f263f7b1407d814826aa52fee9134c638b11010

SHA256
01da0c0fe4fd5a9953ef7f3a3bc118826cffd3ce718f3ff2704aae3fa071e9d3

SHA512
172344d6e86d68d670bf6372002a46fe0e8c909ba6c61f47afc622f4b39c75de2c2fa4a7390d75a3ba310eb0332eba5eaf31b71dfd02483a5c84602482e0de93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_E490EA7FE9CCA5E70E3DD1BCBE4988BC

Filesize
637B

MD5
89df88cbb77cfbdbab3ec42379c84c4d

SHA1
c620eab774f956b6522bc281d4d0e0e8004cc4f1

SHA256
83391b7f1cea7d043c7f0cc18085cc38229e5d9e13cc6a010dbf7cec12214f4f

SHA512
ee04aea51b1ee943bb3a261ea4a1508a7d699b77745295cd9237281b85300ddf6599450f9317433ece83f1560fc2a32b886d104404f9e1bf4089a31464f402ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
1KB

MD5
c4e04db58e72358b1db8b6ae5d2eb867

SHA1
ed175fbd0903e436b428347743fc1e1f4b57a1d9

SHA256
cf27965ab9791da8f099d3568233b609cc3b7b6172567e7a5994c04b62a350e7

SHA512
f1915850ab0bbe92e84688fb13df3f3bb0376be6b3f09ccc6ddcf1461d8b391adcca59b380696240d18ea547229c3ee6eecab5fb91c732a942b71fafcebbf78f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
398B

MD5
179d038ea8ffa54dcb37d81ac4c2a4c5

SHA1
d59598c3bbfd60c1dff9309e6d37a8632f2cc463

SHA256
ffc7ebd2871998625f0827262577355d11e395e1d5c51aba472bad7a298cdd62

SHA512
b6942be9ec0c7cc827fa16f04eea199f98a53b018443d5d97cf9b2d86280be2f89ab8b158fdbb15d2cbdfdb649eac89b1aaf82695cbe6d2a97ff066cc7fb1066

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
340B

MD5
a99e6bcde2d8f8470f0e4b10a25b3f8f

SHA1
dcfe59458ffb80e38950e58a1eb54ff9adb8a72d

SHA256
d6b9bbd96c8c86bcb1e22ffc8f801c231a52bfec472ea13584b2936f6a5684ba

SHA512
0dcd76fd9e9bbad535c12069ef19877c90c235d9e80d021534c21339df69ef7cb3fd09947deb42a0bfb75300be88d0fa93ea4542abfe4801c9af1e4c631345dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
340B

MD5
ec99ccb25763abf558ca91cdff67ff07

SHA1
ebb21f6db4c2127052ee3e76c60dfbdf5ee6fedc

SHA256
577ec003ceb5a7529d322f5bd8b1b877a3ac3cd16086697982e2a11983c6d80a

SHA512
f3721417ecb30082cd679ce70d88ba34129bfb3da7d5ae988e94aa19548792887e24c516b5408ecd1a73ae9c9063ca4811b0b6b8750ae514e90259d3211032e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_E490EA7FE9CCA5E70E3DD1BCBE4988BC

Filesize
402B

MD5
73f623a7103e4aa08b0c9e6a65c7dd01

SHA1
6156c0fc2e78750e2fbc3a4a4a5871ee7f021564

SHA256
4df5d9b301c20f909bf1934601b85ad0a6497fef632dc140b04db4bf0c27eabd

SHA512
e11d5ea8efecfdd41d8521196bca52bc03d31ccfcc1d323a2f124f5ef598fdd3c6ab45bb0333162b774abd8b24cd76421ec5f6b2a467e97705414578c8a1dfd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
396B

MD5
95b03e0da9b505d8beb5a9548ee9e51b

SHA1
6cce41980b3d547d2c1d49ae724dce355bb74018

SHA256
a0290492690f344238e104840322f954f489d03eb3eba9c3bb780f31a14e2437

SHA512
75ba2cedf6efca50803eb22c0e5feb00d87915316458820f00c33a8be4271c241422d7ef92fc9d991adab428f851d3a35d3768f9b93a6e8e23fadc0ac50ef1f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Quick_Driver_Updater_exe_47292022326594282662664\Quick_Driver_Updater.exe

Filesize
6.4MB

MD5
4aae3da061f772f90bae6902c72f7cf2

SHA1
c27cbebaa722793d0208e9908079d2caea70dace

SHA256
4df4c5e467ca99103d85bb250cda1279240bc2a7e892a0b174d32d8efe18b903

SHA512
068fa6af3e7e7ab862ae7789d7fea5a6e748f7e8a9268e43bedbb26f6fce99d97ae9915907319ae1482e67cfd0fdfddfa01c0e74070624c51369bd61316d17bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Quick_Driver_Updater_exe_47292022326594282662664\Quick_Driver_Updater.exe

Filesize
6.4MB

MD5
4aae3da061f772f90bae6902c72f7cf2

SHA1
c27cbebaa722793d0208e9908079d2caea70dace

SHA256
4df4c5e467ca99103d85bb250cda1279240bc2a7e892a0b174d32d8efe18b903

SHA512
068fa6af3e7e7ab862ae7789d7fea5a6e748f7e8a9268e43bedbb26f6fce99d97ae9915907319ae1482e67cfd0fdfddfa01c0e74070624c51369bd61316d17bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WeChatSetup_exe_57292022326442062607610\WeChatSetup.exe

Filesize
150.9MB

MD5
86851da540577bb4e994cfc076a5776a

SHA1
d4fe443e13109487a8af887038b57a4baeee653d

SHA256
c91856d0721b09a10c7b37013ca93cabb5e618ea768e66a70141052930c0c351

SHA512
8e6c9203f965c4a93fc34ec26485660fb0057a12b2effc4ebc6be00551b9cfa5a8be7481cb2146741f875a355dd581c7efd9dab273c7b25f67135361e4483d02

Download Submit
C:\Users\Admin\AppData\Local\Temp\WeChatSetup_exe_57292022326442062607610\WeChatSetup.exe

Filesize
150.9MB

MD5
86851da540577bb4e994cfc076a5776a

SHA1
d4fe443e13109487a8af887038b57a4baeee653d

SHA256
c91856d0721b09a10c7b37013ca93cabb5e618ea768e66a70141052930c0c351

SHA512
8e6c9203f965c4a93fc34ec26485660fb0057a12b2effc4ebc6be00551b9cfa5a8be7481cb2146741f875a355dd581c7efd9dab273c7b25f67135361e4483d02

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MH6RD.tmp\Quick_Driver_Updater.tmp

Filesize
2.7MB

MD5
348e9aad9e445392ba5c9fe96daf6f8b

SHA1
e04d450778d05cabb111903892dda0cdb288cd98

SHA256
5bae7f43baa254ce2eba9018e11c575730427d4fdf3146165755cd4bb07c3e53

SHA512
c19e21b4ce0908bd5b0d7f606f6ee44d0b8839ddcab7067933092a707d21131b7379a1850e35475e57be62cba1b61abde61331bd1bccdd875e756bb296f34024

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MH6RD.tmp\Quick_Driver_Updater.tmp

Filesize
2.7MB

MD5
348e9aad9e445392ba5c9fe96daf6f8b

SHA1
e04d450778d05cabb111903892dda0cdb288cd98

SHA256
5bae7f43baa254ce2eba9018e11c575730427d4fdf3146165755cd4bb07c3e53

SHA512
c19e21b4ce0908bd5b0d7f606f6ee44d0b8839ddcab7067933092a707d21131b7379a1850e35475e57be62cba1b61abde61331bd1bccdd875e756bb296f34024

Download Submit
C:\Users\Admin\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Errorlog.txt

Filesize
1KB

MD5
9af54f9aab2740782e446fa96bcfa7b9

SHA1
1578881fb2b9a3dec033a7d3e3828ecf3a5b4096

SHA256
0bc92e67852977443bc2c9e92b8707d304f17f11ab4bc0764520526db81da1f6

SHA512
4dcb8339cd6fcd8eeb3b8a305a0ae6a4e7bad6d15fefad9b0b6794f69db33e5420b60725d65f50b69c3657f1996cd9560afa1d27c8d42ebe47a43b6c51e98882

Download Submit
\Program Files (x86)\Tencent\WeChat\WeChat.exe

Filesize
596KB

MD5
7c91c6aebac27f55b8c4352b0c13a221

SHA1
61d45e0f2e505f17317fc8c2b37b1e585964faf2

SHA256
80ee3a2b195e001b2f4b52e57fa43a56d5758271c56335fd216da26ce37f2aa3

SHA512
eb79b9956fd12d1550a266ea377b033e248a3724e1c8c097323cc66531047ebde55d8acd602ef25a4bd2d5846e786e72e39264e04347133d434b8283809d729b

Download Submit
\Program Files (x86)\Tencent\WeChat\WeChat.exe

Filesize
596KB

MD5
7c91c6aebac27f55b8c4352b0c13a221

SHA1
61d45e0f2e505f17317fc8c2b37b1e585964faf2

SHA256
80ee3a2b195e001b2f4b52e57fa43a56d5758271c56335fd216da26ce37f2aa3

SHA512
eb79b9956fd12d1550a266ea377b033e248a3724e1c8c097323cc66531047ebde55d8acd602ef25a4bd2d5846e786e72e39264e04347133d434b8283809d729b

Download Submit
\Program Files (x86)\Tencent\WeChat\WeChat.exe

Filesize
596KB

MD5
7c91c6aebac27f55b8c4352b0c13a221

SHA1
61d45e0f2e505f17317fc8c2b37b1e585964faf2

SHA256
80ee3a2b195e001b2f4b52e57fa43a56d5758271c56335fd216da26ce37f2aa3

SHA512
eb79b9956fd12d1550a266ea377b033e248a3724e1c8c097323cc66531047ebde55d8acd602ef25a4bd2d5846e786e72e39264e04347133d434b8283809d729b

Download Submit
\Program Files\Quick Driver Updater\qdu.exe

Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
\Program Files\Quick Driver Updater\qdu.exe

Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
\Program Files\Quick Driver Updater\qdu.exe

Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
\Program Files\Quick Driver Updater\qdu.exe

Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
\Program Files\Quick Driver Updater\unins000.exe

Filesize
2.7MB

MD5
348e9aad9e445392ba5c9fe96daf6f8b

SHA1
e04d450778d05cabb111903892dda0cdb288cd98

SHA256
5bae7f43baa254ce2eba9018e11c575730427d4fdf3146165755cd4bb07c3e53

SHA512
c19e21b4ce0908bd5b0d7f606f6ee44d0b8839ddcab7067933092a707d21131b7379a1850e35475e57be62cba1b61abde61331bd1bccdd875e756bb296f34024

Download Submit
\Program Files\Quick Driver Updater\x64\SQLite.Interop.dll

Filesize
1.5MB

MD5
65142ec86e7fe03453efe502a1d8ea1a

SHA1
f6731a02884073edc41ace74569a31f95ae3d8f3

SHA256
39785f30001d4a858e968d93a5e2cef0717fedc6cf668f557854b374ece54f4f

SHA512
576c95bd82dc53b73d487b94bf4e5ac0914289ae99d3696eb9f66b69b7119422d6b400d47b5a31367820494b61679ffed7c04cfd5acb24a2c13ec3cb2b4ad497

Download Submit
\Users\Admin\AppData\Local\Temp\is-MH6RD.tmp\Quick_Driver_Updater.tmp

Filesize
2.7MB

MD5
348e9aad9e445392ba5c9fe96daf6f8b

SHA1
e04d450778d05cabb111903892dda0cdb288cd98

SHA256
5bae7f43baa254ce2eba9018e11c575730427d4fdf3146165755cd4bb07c3e53

SHA512
c19e21b4ce0908bd5b0d7f606f6ee44d0b8839ddcab7067933092a707d21131b7379a1850e35475e57be62cba1b61abde61331bd1bccdd875e756bb296f34024

Download Submit
\Users\Admin\AppData\Local\Temp\nseD8A6.tmp\WeChatSetup\WeChatWin.dll

Filesize
40.3MB

MD5
eb6b43cfd37f3c6f5a4ba00e43f7814a

SHA1
ebf83be0f7ff762648bdd1766a82d8cb1eb0a51d

SHA256
764c9a281326cdf5d36dae324ff39cb3003011e206c7b95c0bdcdc9ee071f236

SHA512
d367601856b669fd612970b12e933b2e16fb93c252c58d2f505a31fd8da8529de886e5f0bcf71ed5b7f5f14a01775973379afdd1e1f068ad6b0f8807979e27f2

Download Submit
\Users\Admin\AppData\Local\Temp\nseD8A6.tmp\WeChatSetup\WeChatWin.dll

Filesize
40.3MB

MD5
eb6b43cfd37f3c6f5a4ba00e43f7814a

SHA1
ebf83be0f7ff762648bdd1766a82d8cb1eb0a51d

SHA256
764c9a281326cdf5d36dae324ff39cb3003011e206c7b95c0bdcdc9ee071f236

SHA512
d367601856b669fd612970b12e933b2e16fb93c252c58d2f505a31fd8da8529de886e5f0bcf71ed5b7f5f14a01775973379afdd1e1f068ad6b0f8807979e27f2

Download Submit
\Users\Admin\AppData\Local\Temp\nsuD8B7.tmp\FindProcDLL.dll

Filesize
492KB

MD5
633625aa3be670a515fa87ff3a566d90

SHA1
de035c083125aef5df0a55c153ef6cc4dd4c15b4

SHA256
bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

SHA512
3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

Download Submit
\Users\Admin\AppData\Local\Temp\nsuD8B7.tmp\FindProcDLL.dll

Filesize
492KB

MD5
633625aa3be670a515fa87ff3a566d90

SHA1
de035c083125aef5df0a55c153ef6cc4dd4c15b4

SHA256
bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

SHA512
3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

Download Submit
\Users\Admin\AppData\Local\Temp\nsuD8B7.tmp\FindProcDLL.dll

Filesize
492KB

MD5
633625aa3be670a515fa87ff3a566d90

SHA1
de035c083125aef5df0a55c153ef6cc4dd4c15b4

SHA256
bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

SHA512
3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

Download Submit
\Users\Admin\AppData\Local\Temp\nsuD8B7.tmp\FindProcDLL.dll

Filesize
492KB

MD5
633625aa3be670a515fa87ff3a566d90

SHA1
de035c083125aef5df0a55c153ef6cc4dd4c15b4

SHA256
bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

SHA512
3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

Download Submit
\Users\Admin\AppData\Local\Temp\nsuD8B7.tmp\FindProcDLL.dll

Filesize
492KB

MD5
633625aa3be670a515fa87ff3a566d90

SHA1
de035c083125aef5df0a55c153ef6cc4dd4c15b4

SHA256
bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

SHA512
3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

Download Submit
\Users\Admin\AppData\Local\Temp\nsuD8B7.tmp\FindProcDLL.dll

Filesize
492KB

MD5
633625aa3be670a515fa87ff3a566d90

SHA1
de035c083125aef5df0a55c153ef6cc4dd4c15b4

SHA256
bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

SHA512
3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

Download Submit
\Users\Admin\AppData\Local\Temp\nsuD8B7.tmp\FindProcDLL.dll

Filesize
492KB

MD5
633625aa3be670a515fa87ff3a566d90

SHA1
de035c083125aef5df0a55c153ef6cc4dd4c15b4

SHA256
bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

SHA512
3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

Download Submit
\Users\Admin\AppData\Local\Temp\nsuD8B7.tmp\FindProcDLL.dll

Filesize
492KB

MD5
633625aa3be670a515fa87ff3a566d90

SHA1
de035c083125aef5df0a55c153ef6cc4dd4c15b4

SHA256
bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

SHA512
3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

Download Submit
\Users\Admin\AppData\Local\Temp\nsuD8B7.tmp\System.dll

Filesize
11KB

MD5
ca332bb753b0775d5e806e236ddcec55

SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

Download Submit
\Users\Admin\AppData\Local\Temp\nsuD8B7.tmp\WeChatInstallDll.dll

Filesize
1.2MB

MD5
b29f8224755c1c413b9c4b623a5550aa

SHA1
9484443b080b9216e6026e5b5c30fba186940a5c

SHA256
a627c347dc7f5a1e6208f67e0a662d13ad2a6bae85637d1556764464ecfbfb3e

SHA512
51557726070e5f8d4a40194531b1ffe530574f6ba5a2854cd2fd498e2ac0da8159fed8c96ccd9aae2fade1b21d698c090dbc97d42d01bc245aac82e96cceef4a

Download Submit
\Users\Admin\AppData\Local\Temp\nsuD8B7.tmp\nsInstallAssist.dll

Filesize
192KB

MD5
28b411f3793dbcb81d6f3d3b0527cdba

SHA1
7614310be1231850e811a818f58ee8b54ae9ceaf

SHA256
0281e384c94cad29fd8279c1855f671c2dd1f7772cf5645f573dd1df2b3bd127

SHA512
e5c9f21e9838eca54a8ededb1bf279453e116b6cde629a75ad057b6438deec6bcacf6e27a81c8aa0fc732f26dc28cee7a006ba6d68c08846b92937e388349d78

Download Submit
memory/364-154-0x0000000000000000-mapping.dmp

Download
memory/568-141-0x00000000022D0000-0x0000000002302000-memory.dmp

Filesize
200KB

Download
memory/568-91-0x0000000000000000-mapping.dmp

Download
memory/628-71-0x0000000000000000-mapping.dmp

Download
memory/632-144-0x0000000000000000-mapping.dmp

Download
memory/692-147-0x0000000000000000-mapping.dmp

Download
memory/780-145-0x0000000000000000-mapping.dmp

Download
memory/796-72-0x0000000000000000-mapping.dmp

Download
memory/832-68-0x0000000000000000-mapping.dmp

Download
memory/832-73-0x0000000074A71000-0x0000000074A73000-memory.dmp

Filesize
8KB

Download
memory/904-151-0x0000000000000000-mapping.dmp

Download
memory/988-131-0x000007FEEBEC0000-0x000007FEED113000-memory.dmp

Filesize
18.3MB

Download
memory/988-143-0x000007FEE8600000-0x000007FEE9CD3000-memory.dmp

Filesize
22.8MB

Download
memory/988-130-0x000007FEED120000-0x000007FEEE0EA000-memory.dmp

Filesize
15.8MB

Download
memory/988-129-0x000007FEEF9F0000-0x000007FEEFEB0000-memory.dmp

Filesize
4.8MB

Download
memory/988-133-0x000007FEEABE0000-0x000007FEEBC76000-memory.dmp

Filesize
16.6MB

Download
memory/988-166-0x000007FEE74D0000-0x000007FEE835F000-memory.dmp

Filesize
14.6MB

Download
memory/988-136-0x000000001CF21000-0x000000001D1F4000-memory.dmp

Filesize
2.8MB

Download
memory/988-118-0x0000000000000000-mapping.dmp

Download
memory/988-165-0x000000001B5D0000-0x000000001B5E9000-memory.dmp

Filesize
100KB

Download
memory/1056-160-0x0000000000000000-mapping.dmp

Download
memory/1076-148-0x0000000000000000-mapping.dmp

Download
memory/1112-54-0x000007FEFC001000-0x000007FEFC003000-memory.dmp

Filesize
8KB

Download
memory/1180-156-0x0000000000000000-mapping.dmp

Download
memory/1588-80-0x0000000000000000-mapping.dmp

Download
memory/1588-88-0x000007FEEC370000-0x000007FEED5C3000-memory.dmp

Filesize
18.3MB

Download
memory/1588-87-0x000007FEED5D0000-0x000007FEEE59A000-memory.dmp

Filesize
15.8MB

Download
memory/1588-86-0x000007FEF29B0000-0x000007FEF2E70000-memory.dmp

Filesize
4.8MB

Download
memory/1588-85-0x000007FEEE5A0000-0x000007FEEEFC3000-memory.dmp

Filesize
10.1MB

Download
memory/1588-90-0x000007FEEAC20000-0x000007FEEBCB6000-memory.dmp

Filesize
16.6MB

Download
memory/1588-96-0x00000000022A8000-0x00000000022C7000-memory.dmp

Filesize
124KB

Download
memory/1628-159-0x0000000000000000-mapping.dmp

Download
memory/1696-157-0x0000000000000000-mapping.dmp

Download
memory/1768-150-0x0000000000000000-mapping.dmp

Download
memory/1824-120-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/1824-63-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/1824-62-0x00000000753E1000-0x00000000753E3000-memory.dmp

Filesize
8KB

Download
memory/1824-60-0x0000000000000000-mapping.dmp

Download
memory/1824-89-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/1824-66-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2024-78-0x0000000000000000-mapping.dmp

Download
memory/2028-153-0x0000000000000000-mapping.dmp

Download