b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230

Analysis

max time kernel
73s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
Size

1.7MB
MD5

36d7b01417ad4b875540ce25e299bbc5
SHA1

065065d6de36bb46d41c53dcc7c20df92a39172f
SHA256

b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230
SHA512

7355cdbe93693561f82148e2aecfae2fa2fa3fcd17c4ce1937f623e1b2d67a5d71f2bdacd20aebc1506723358919e19d076c33eaf3c3b094677a805a45a79a8a
SSDEEP

49152:zenXYUvoBk3PgfuNJc3GAd9H6nZzF0JdOIs/3Bcjc:CnXlo27AdVQ0OIsf24

Score

7^/10

bootkit discovery persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

QMStartMenuPanel64.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	QMStartMenuPanel64.exe

Executes dropped EXE 4 IoCs

Processes:

QMStartMenuHost64.exeQMStartMenuPanel64.exeAutoUpdate.exe

pid process

3696 QMStartMenuHost64.exe
3172
4136 QMStartMenuPanel64.exe
3332 AutoUpdate.exe

Loads dropped DLL 48 IoCs

Processes:

b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exeregsvr32.exeQMStartMenuHost64.exeregsvr32.exeQMStartMenuPanel64.exeAutoUpdate.exe

pid	process
4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
2336	regsvr32.exe
3696	QMStartMenuHost64.exe
4048	regsvr32.exe
4136	QMStartMenuPanel64.exe
3332	AutoUpdate.exe
3332	AutoUpdate.exe
4136	QMStartMenuPanel64.exe
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172
3172

Registers COM server for autorun 1 TTPs 9 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

QMStartMenuHost64.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C62C01E-8F66-477A-BA84-7D47116E17CE}\InProcServer32	QMStartMenuHost64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C62C01E-8F66-477A-BA84-7D47116E17CE}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QMStart\\2.0.68.130\\QMShell64.dll"	QMStartMenuHost64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C62C01E-8F66-477A-BA84-7D47116E17CE}\InProcServer32\ThreadingModel = "Apartment"	QMStartMenuHost64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F911094-D591-493A-9F47-0E060643B186}\InProcServer32	QMStartMenuHost64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F911094-D591-493A-9F47-0E060643B186}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QMStart\\2.0.68.130\\QMShell64.dll"	QMStartMenuHost64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F911094-D591-493A-9F47-0E060643B186}\InProcServer32\ThreadingModel = "Apartment"	QMStartMenuHost64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QMStart\\2.0.68.130\\QMStartShellExt64.dll"	regsvr32.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4644-153-0x0000000000400000-0x0000000000549000-memory.dmp	upx
behavioral2/memory/4644-266-0x0000000000400000-0x0000000000549000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QMStart = "\"C:\\Program Files (x86)\\Tencent\\QMStart\\2.0.68.130\\QMStartMenuHost64.exe\" /StartFrom=AutoRun"	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exeQMStartMenuPanel64.exeAutoUpdate.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File opened for modification	\??\PhysicalDrive0	QMStartMenuPanel64.exe
File opened for modification	\??\PhysicalDrive0	AutoUpdate.exe

Drops file in Program Files directory 41 IoCs

Processes:

b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exeAutoUpdate.exeQMStartMenuPanel64.exe

description	ioc	process
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_CF_hover.png	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\windows.emf	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_CF_click.png	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\icontime.emf	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\AutoUpdate.exe	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\bugreport.exe	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\bugreport64.exe	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuPanel.exe	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_box_hover.png	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_box_normal.png	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\dr.dll	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMNetWorkMgr.dll	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\more.emf	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMNetworkMgr.ini	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuHost.exe	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuPanel64.exe	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartShellExt.dll	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartShellExt64.dll	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_CF_normal.png	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_QQdance_normal.png	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File opened for modification	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMNetworkMgr.ini	AutoUpdate.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\powerarrow.emf	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\dr64.dll	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_box_click.png	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_QQdance_hover.png	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\search.emf	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMNetWorkMgr64.dll	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStart.lnk	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\circle.png	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\QMStartMenu.png	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\return.emf	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell.dll	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuDll.dll	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuDll64.dll	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_QQdance_click.png	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\search.png	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\Uninst.exe	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\config	QMStartMenuPanel64.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\search_result.emf	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
File created	C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuHost64.exe	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeQMStartMenuHost64.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}\TypeLib\ = "{EA16BB91-BC3B-4CAB-9681-51D3B27C934D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F911094-D591-493A-9F47-0E060643B186}\InProcServer32	QMStartMenuHost64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA16BB91-BC3B-4CAB-9681-51D3B27C934D}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMStartShellExt.CQMStartShellExtension\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QMStart\\2.0.68.130\\QMStartShellExt64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\TypeLib	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C62C01E-8F66-477A-BA84-7D47116E17CE}\ShellFolder\Attributes = "672137216"	QMStartMenuHost64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{557BE1B9-8CF3-48FC-BE50-29E099236D40}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMStartShellExt.CQMStartShellExtension\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA16BB91-BC3B-4CAB-9681-51D3B27C934D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}\TypeLib\ = "{EA16BB91-BC3B-4CAB-9681-51D3B27C934D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMStartShellExt.CQMStartShellExtensio.1\ = "CQMStartShellExtension Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMStartShellExt.CQMStartShellExtensio.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA16BB91-BC3B-4CAB-9681-51D3B27C934D}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C62C01E-8F66-477A-BA84-7D47116E17CE}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QMStart\\2.0.68.130\\QMShell64.dll"	QMStartMenuHost64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C62C01E-8F66-477A-BA84-7D47116E17CE}\ShellFolder	QMStartMenuHost64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}\ = "ICQMStartShellExtension"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C62C01E-8F66-477A-BA84-7D47116E17CE}	QMStartMenuHost64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\QMStartShellExt.DLL	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA16BB91-BC3B-4CAB-9681-51D3B27C934D}\1.0\0\win64\ = "C:\\Program Files (x86)\\Tencent\\QMStart\\2.0.68.130\\QMStartShellExt64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\TypeLib\ = "{EA16BB91-BC3B-4CAB-9681-51D3B27C934D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C62C01E-8F66-477A-BA84-7D47116E17CE}\InProcServer32\ThreadingModel = "Apartment"	QMStartMenuHost64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMStartShellExt.CQMStartShellExtension	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA16BB91-BC3B-4CAB-9681-51D3B27C934D}\1.0\HELPDIR\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMStartShellExt.CQMStartShellExtensio.1\CLSID\ = "{07451604-FBE4-4475-9DD6-261B7B619417}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}\ = "ICQMStartShellExtension"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F911094-D591-493A-9F47-0E060643B186}\ShellFolder\Attributes = "672137216"	QMStartMenuHost64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\ = "CQMStartShellExtension Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\CQMStartShellExtension	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C62C01E-8F66-477A-BA84-7D47116E17CE}\ = "QMShell"	QMStartMenuHost64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C62C01E-8F66-477A-BA84-7D47116E17CE}\InProcServer32	QMStartMenuHost64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMStartShellExt.CQMStartShellExtension\CurVer\ = "QMStartShellExt.CQMStartShellExtensio.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\VersionIndependentProgID\ = "QMStartShellExt.CQMStartShellExtension"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA16BB91-BC3B-4CAB-9681-51D3B27C934D}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA16BB91-BC3B-4CAB-9681-51D3B27C934D}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F911094-D591-493A-9F47-0E060643B186}\ShellFolder	QMStartMenuHost64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMStartShellExt.CQMStartShellExtension\CLSID\ = "{07451604-FBE4-4475-9DD6-261B7B619417}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\QMStartShellExt.DLL\AppID = "{557BE1B9-8CF3-48FC-BE50-29E099236D40}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMStartShellExt.CQMStartShellExtension\ = "CQMStartShellExtension Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA16BB91-BC3B-4CAB-9681-51D3B27C934D}\1.0\ = "QMStartShellExt 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F911094-D591-493A-9F47-0E060643B186}	QMStartMenuHost64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F911094-D591-493A-9F47-0E060643B186}\InProcServer32\ThreadingModel = "Apartment"	QMStartMenuHost64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F911094-D591-493A-9F47-0E060643B186}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QMStart\\2.0.68.130\\QMShell64.dll"	QMStartMenuHost64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\ProgID\ = "QMStartShellExt.CQMStartShellExtensio.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMStartShellExt.CQMStartShellExtensio.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FADC2574-ABB3-4DDF-ADB2-916BC4AD137A}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\AppID = "{557BE1B9-8CF3-48FC-BE50-29E099236D40}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\CQMStartShellExtension\ = "{07451604-FBE4-4475-9DD6-261B7B619417}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA16BB91-BC3B-4CAB-9681-51D3B27C934D}\1.0\0\win64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{557BE1B9-8CF3-48FC-BE50-29E099236D40}\ = "QMStartShellExt"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07451604-FBE4-4475-9DD6-261B7B619417}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

Processes:

b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exeQMStartMenuPanel64.exeAutoUpdate.exetaskmgr.exe

pid	process
4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
3332	AutoUpdate.exe
3332	AutoUpdate.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exetaskmgr.exe

description	pid	process
Token: SeDebugPrivilege	4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
Token: SeDebugPrivilege	3852	taskmgr.exe
Token: SeSystemProfilePrivilege	3852	taskmgr.exe
Token: SeCreateGlobalPrivilege	3852	taskmgr.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

QMStartMenuHost64.exeQMStartMenuPanel64.exetaskmgr.exe

pid	process
3696	QMStartMenuHost64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe

Suspicious use of SendNotifyMessage 47 IoCs

Processes:

QMStartMenuPanel64.exetaskmgr.exe

pid	process
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
4136	QMStartMenuPanel64.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe
3852	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

QMStartMenuHost64.exe

pid process

3696 QMStartMenuHost64.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exeregsvr32.exeQMStartMenuPanel64.exe

description	pid	process	target process
PID 4644 wrote to memory of 4604	4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe	cacls.exe
PID 4644 wrote to memory of 4604	4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe	cacls.exe
PID 4644 wrote to memory of 4604	4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe	cacls.exe
PID 4644 wrote to memory of 2336	4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe	regsvr32.exe
PID 4644 wrote to memory of 2336	4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe	regsvr32.exe
PID 4644 wrote to memory of 2336	4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe	regsvr32.exe
PID 4644 wrote to memory of 3696	4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe	QMStartMenuHost64.exe
PID 4644 wrote to memory of 3696	4644	b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe	QMStartMenuHost64.exe
PID 2336 wrote to memory of 4048	2336	regsvr32.exe	regsvr32.exe
PID 2336 wrote to memory of 4048	2336	regsvr32.exe	regsvr32.exe
PID 4136 wrote to memory of 3332	4136	QMStartMenuPanel64.exe	AutoUpdate.exe
PID 4136 wrote to memory of 3332	4136	QMStartMenuPanel64.exe	AutoUpdate.exe
PID 4136 wrote to memory of 3332	4136	QMStartMenuPanel64.exe	AutoUpdate.exe

C:\Users\Admin\AppData\Local\Temp\b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
"C:\Users\Admin\AppData\Local\Temp\b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4644

C:\Windows\SysWOW64\cacls.exe
"cacls" "C:\Program Files (x86)\Tencent\QMStart\2.0.68.130" /t /e /c /g SYSTEM:f
2⤵
PID:4604

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartShellExt64.dll"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2336

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartShellExt64.dll"
3⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4048

C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuHost64.exe
"C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuHost64.exe" /StartFrom=Setup
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3696

C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuPanel64.exe
"C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuPanel64.exe" 131218
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4136

C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\AutoUpdate.exe
"C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\AutoUpdate.exe" /from=0
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:3332

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3852

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\AutoUpdate.exe
Filesize
173KB

MD5
7a5d62a26527668ee5cf19cf2eb03c1a

SHA1
6ec1a1e2c079da24dc8218e9ba4b4f6970650dd6

SHA256
5a827640193bac1850a63d563949e673d0f76c720233c9545f4d12fe330896c4

SHA512
295c3f1d3ce98a21edefcc482dc3ea6222b82029270f0146e0f209fe328a7f064f3be55adda2513384706636ecca62eb60aeb7d259a5b98274182c60766925e9

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\AutoUpdate.exe
Filesize
173KB

MD5
7a5d62a26527668ee5cf19cf2eb03c1a

SHA1
6ec1a1e2c079da24dc8218e9ba4b4f6970650dd6

SHA256
5a827640193bac1850a63d563949e673d0f76c720233c9545f4d12fe330896c4

SHA512
295c3f1d3ce98a21edefcc482dc3ea6222b82029270f0146e0f209fe328a7f064f3be55adda2513384706636ecca62eb60aeb7d259a5b98274182c60766925e9

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMNetWorkMgr.dll
Filesize
205KB

MD5
8b8492f395c6ddd2a7fbeaeed9f751d8

SHA1
83b6c227e957201a23b09dac8907411f070e7cb1

SHA256
20ed089430c5075ffa74224424d572d4cf64636e8a2b5e82f71418b1d1ead79a

SHA512
6dfca73450f94e9a010026129fccb8829ef21deca8903a88a309198cd8402be687c03f4175a833ffb74eae0ba80ef45579c14845cbd5c41edcb2ee8003e67540

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMNetworkMgr.dll
Filesize
205KB

MD5
8b8492f395c6ddd2a7fbeaeed9f751d8

SHA1
83b6c227e957201a23b09dac8907411f070e7cb1

SHA256
20ed089430c5075ffa74224424d572d4cf64636e8a2b5e82f71418b1d1ead79a

SHA512
6dfca73450f94e9a010026129fccb8829ef21deca8903a88a309198cd8402be687c03f4175a833ffb74eae0ba80ef45579c14845cbd5c41edcb2ee8003e67540

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMNetworkMgr.ini
Filesize
66B

MD5
443d98cd7a3bfa1c43b469e7341742c7

SHA1
5c7b0d91b1c0cba967590ab77d8824fa3da23908

SHA256
bf5d2f297f61c71a92f4878682c035636abc41b90cbb6c1def5516c8b68f9a6a

SHA512
237b8b47649f93211d545855c488c766c0e4ea4aa0426029aa204cd08c30b1090266d9b2ca45f2e6637f583ce0797ca4048088809dacc098daaf8bf24e22c03a

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMShell64.dll
Filesize
57KB

MD5
dd1171e5e238122171350fc85a52e2dd

SHA1
fd77bc5dacc5123672b03143710033c4dfbb62e5

SHA256
65d175e0d3bb163db27ccd6f48db48f9660da38558102d1b476b5b005a1650e5

SHA512
cc08e4d987babbbff589b650474dcc804e00d22d5502db38c9562f4827d24e0dfef4694bdd58a5e8fbb25235bd988a2eed6df14c0ac0e6cff10e5bba16023c28

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuDll64.dll
Filesize
299KB

MD5
88708a0bc2736231d15d9458133d6266

SHA1
89a9d509784c8aacc5a28796fd1c74fde6a5a900

SHA256
32b9eb00d0f9d396cafec0c051e37cc92b34694cb35a05a0a406cf963e7fb2d3

SHA512
03a33ef697557c8fc97d8ee3d01407c6a3ce36d4e5c048847bd83d353377b162e00d6cb43db8ae191528b3cf0e851383d2d820d0df72bb5a3f8b73cb61b0aaa0

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuDll64.dll
Filesize
299KB

MD5
88708a0bc2736231d15d9458133d6266

SHA1
89a9d509784c8aacc5a28796fd1c74fde6a5a900

SHA256
32b9eb00d0f9d396cafec0c051e37cc92b34694cb35a05a0a406cf963e7fb2d3

SHA512
03a33ef697557c8fc97d8ee3d01407c6a3ce36d4e5c048847bd83d353377b162e00d6cb43db8ae191528b3cf0e851383d2d820d0df72bb5a3f8b73cb61b0aaa0

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuDll64.dll
Filesize
299KB

MD5
88708a0bc2736231d15d9458133d6266

SHA1
89a9d509784c8aacc5a28796fd1c74fde6a5a900

SHA256
32b9eb00d0f9d396cafec0c051e37cc92b34694cb35a05a0a406cf963e7fb2d3

SHA512
03a33ef697557c8fc97d8ee3d01407c6a3ce36d4e5c048847bd83d353377b162e00d6cb43db8ae191528b3cf0e851383d2d820d0df72bb5a3f8b73cb61b0aaa0

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuHost.exe
Filesize
50KB

MD5
53848647e252b5171e701b2cfc566bdc

SHA1
e97ac563ebc7cb24bcef08f5fc09a75995266318

SHA256
7fca2bce90d91494c01501687290c07ac0077e24910ff25cc287b41a390829c5

SHA512
5ea341270803e2742aa683c3f81ea2c460b3eb7cf3c5e010767c212d47928c39de02b067b5b6d948ba93a94402982713a69df1305af38dcad48a9e3bb810b206

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuHost64.exe
Filesize
57KB

MD5
52028eaf6c96839337193a1d70c006ed

SHA1
c9ef6392626ab38d32342c4c845ed5b5c266765a

SHA256
ed8164a6cfd1a9d14468f468040ba91380689b67f18dd8d22a0b71103e5a6b42

SHA512
ba1b23769df56db3a92aadb0b224c05e2b62a66e42703d15a8550d63e6ae66184ce517f4fbc95b85ecea2dfa66db6ce39648601e482d4cf9bca5c7d888300e2c

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuHost64.exe
Filesize
57KB

MD5
52028eaf6c96839337193a1d70c006ed

SHA1
c9ef6392626ab38d32342c4c845ed5b5c266765a

SHA256
ed8164a6cfd1a9d14468f468040ba91380689b67f18dd8d22a0b71103e5a6b42

SHA512
ba1b23769df56db3a92aadb0b224c05e2b62a66e42703d15a8550d63e6ae66184ce517f4fbc95b85ecea2dfa66db6ce39648601e482d4cf9bca5c7d888300e2c

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuPanel.exe
Filesize
497KB

MD5
0b5ec120f8114e66c70e813fbd38559e

SHA1
2999bda8929c3d2371c2fe8951e976f1a82c06a6

SHA256
3a60e38f44a8868018c64e49cb18baa593529e6ec491a23375888990937b5bd3

SHA512
3db768544b4242affecfe4ba63947aa9a8cad89a21beeee46fe51e0df19ec8a146be1e894cc5a5adf7f14396e88dd1b88c7e202cf32959b17c5baa21ccf22050

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuPanel64.exe
Filesize
868KB

MD5
4bd49469d8d0cf1bc42b324b07c06f83

SHA1
8f88ce1f14d72aff5531ca72b4a7ca28cf6e1eda

SHA256
88d5284ef4873bedb85e63729814d170b5197b6ed2ffd952cd8822e052423eb4

SHA512
2f60171d9ff6f50b4cb38f82fb1798f99a1a6bc7bff5a955d75bee32d1da0663ce0d15dcc52c15f048d7a5a40a9d83c5fd4141c3c2ffd3ee524f3a4446b15148

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenuPanel64.exe
Filesize
868KB

MD5
4bd49469d8d0cf1bc42b324b07c06f83

SHA1
8f88ce1f14d72aff5531ca72b4a7ca28cf6e1eda

SHA256
88d5284ef4873bedb85e63729814d170b5197b6ed2ffd952cd8822e052423eb4

SHA512
2f60171d9ff6f50b4cb38f82fb1798f99a1a6bc7bff5a955d75bee32d1da0663ce0d15dcc52c15f048d7a5a40a9d83c5fd4141c3c2ffd3ee524f3a4446b15148

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\QMStartMenu.png
Filesize
859B

MD5
16f860ea78568080651f0b397e1a0a06

SHA1
b909744555e845f698bb43cb9f9688edf7e08862

SHA256
00d00b7b4ea8a016d37e0a88d7f8a4c82e3330c592b2d4d62f9eda9999187668

SHA512
81f1c3dc2a4ee3f0eff0d49e0bbed6e982e5ecfb77bdb7d615eca263e67013fa6f2b4b66f9f30fef2f7949d6edbdadfdbcb692b973b4d280543f3f1e57fbfb6f

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_CF_click.png
Filesize
1KB

MD5
12702d44f2c14e66bad6f17d65a65f85

SHA1
4b004d467444d36fb510263d2685bc491647fe5d

SHA256
953786c1b9137bdb2b62f960be8f486b400e43b02ef7426bcb69c97c915ba1d4

SHA512
7a334b262a3aaf97dd9085ea4de19189fd807e4b4e8ff1ba9484d2f812f943ab597e5d1d721632684a92743600d1edc4fb1b9dce231e90fe5b455269166ccfe4

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_CF_hover.png
Filesize
1KB

MD5
f15b730fde089ba14ab50c9e45fdf79c

SHA1
72f332d457d85043b86c9a77be1dfe3d12e6e15d

SHA256
594f6a20a6b7dd914c560e9bd5175280f50530f5ef1312c038864a3a03bf74b1

SHA512
6ef2fe421119ae34415927f4f7b53b5f4f37d3467f58b92db86bc81742ce71ef21ce4a1a00988df40b0dd5de043b46a8e852b0dec1a921d03e9c5d9357dce589

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_CF_normal.png
Filesize
1KB

MD5
d236c962ee92eee10195764707b72722

SHA1
1a1e3239ab728aa727cf4f38f9d2c5ec8e22d35f

SHA256
11c404ac3af2c08e2e1673a2642c7df092ae0343cdb44bdf0f21add2751abe3a

SHA512
9a6dfede8f001d6c325a60932ab84c692e2b7002a278c0e63294b9f5b26d0f164d77625df7b910f08367afccdde337a023702d8ab0cb991bc81b7d0a2dfc8462

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_QQdance_click.png
Filesize
1KB

MD5
aef4dbe2ac5745c66b6212f59e92053a

SHA1
1edc346d86076e36f08ee4015c211da7a1bc6a88

SHA256
eae1c9fec62e2645faa45699395a22f652adbbfd1873fec1fb83643909728cd1

SHA512
4f2449c5dad14cff6206a79516a91d34b3f8b4a4417db14b96f88d8b0f7d2e2eecb921da7e1257dc81062253a1a7a33959e5b977aa457069cc9a4fce399d26c1

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_QQdance_hover.png
Filesize
1KB

MD5
af9f8cdd7593abbf5d8103438ff9edd2

SHA1
bc1d218763e3aabeb85008ce5026293a597522ee

SHA256
aa152183121f8137225ae2959c854d62465373f81081cac12ffa426a15541d35

SHA512
0d2c90ce3ef8713b5df79e64a7928b9b9def0842ad1daf9a980522844571d067ebee6e45a04b8b3406b6b5850eefd6f0dcac081db18c2599fe1c55b7a4079c55

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_QQdance_normal.png
Filesize
1KB

MD5
a58af4fa587bcdfeb76f5dff1e67eef8

SHA1
eae5e1e30d1e256c57e517a7c8b496957e34c490

SHA256
e2ad4f6e4d9d94d50335fa5cca569a17dd90a6e2141874238176fe149d3168ef

SHA512
516c3c0d6f111ed359840e851730fe8cd47b71f9576ea8ddd3956c9b2ab8ad65936731532706a2fcba4bfe84921a9379dc2f446314bdf9cf6fefafa972f87e3b

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_box_click.png
Filesize
1KB

MD5
e48f9f9cc705d42bac19151089cc4c28

SHA1
e8bbd4bdadfcc1cc4c20186ea9102de71b13f0fa

SHA256
0ef8f7174411130cc11cd26d1caa75fe43e73da85f5bc39e74555c24da68fcad

SHA512
0f3015c6e46414676b826b9e7e0d1e3b4d0fa1487c4f37d20f7cbe5c0ded04fa6380b2b57b55f86a263842c5b00dfa9fdbc445058c42ef246ef7d281ec562451

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_box_hover.png
Filesize
1KB

MD5
ca1c26841f16c31dd9901eae30b276b7

SHA1
14160f0332ae07bada6fecf260155a2de7e0710b

SHA256
62a7a67e50e44bfd290fd4a73c2310c0ff7a11a022ead2c0258d38fabb1fdcf2

SHA512
1c83b61267fe74579729a674f8e8f0a210027902de3dad63b061266c8c222dc765fcf11758a13520b2bcb20ba009913e95313b0246adfc745ff10f788b14e525

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\btn_box_normal.png
Filesize
1KB

MD5
f32d00784b3ee419f13dda700dab7532

SHA1
dc2fb1a55f7213d850d2d74d503bf6589f1a7a24

SHA256
3752e1dac1987a814906d74203fc2dd4b9e1a7878ceae6a79ac82a39ee1ac962

SHA512
c721568a8b2902152c1cb54528a39274ba4bb95eecfaaea0296a1af4e954f245961c091342b10e6b5dfbc13ebf7af74aa1d4cc0e0d3a08f7b91912ad512e3ee0

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\circle.png
Filesize
1KB

MD5
7ea1ebe28d7cef034a182680deb40f1d

SHA1
215f4ecc6202652e2d5c35c06bb3c7956b8aa127

SHA256
410cc3200cfdd08eeaaefb67ccdddf4b69f1afe00a751a24a50c82b2f7d98ae7

SHA512
c378f4e7ef060111a5f7e4e1eb6f0bcbca8f2159a73027f956e8f23d91250eebd488a49022719b9b3fde88e5da54ab503871af80ebf443d3cff8d24354e64eb7

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\icontime.emf
Filesize
732B

MD5
395e5162b5c34227dbbc5ecc32ba2b9c

SHA1
29da279e6e2e7282e85884d0b3ea64bd5b455e60

SHA256
064fa1b617bc82b8fe023f0497f7fa78eaf893ae006f97a0afecb9e60cafc9ca

SHA512
9c4047d755baf0ea75e5decc70ec9e3523d11a3212b3bbbdbfb22a85520c916db27f141220fb8cd5eae421c8f0cc12f59a968aa50c882413cbb21aeda72fdbda

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\more.emf
Filesize
412B

MD5
809d807942490cfe48fd7d421e495ba7

SHA1
372e197abf3906f2f8d70c0d727155cfe9404767

SHA256
5f251d33bd5b26ea980464860209a636ef5cb68309b018bbcfe08d1d44ecacb4

SHA512
b374db528919d665bf3b73c0695dea97c598db02613a59bf1389326fa5fcac146ea7a3061a64299d5f3bd4959bd2e1fab53b25e6fac4fae5f449d042d3e6c924

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\powerarrow.emf
Filesize
680B

MD5
ff5f5f1c86e8c288230bec775c81ada8

SHA1
0c240225150a9a45a1ff1771b04009d4ff3297a6

SHA256
e4f9aadc60935249f4ad7e2a0f7f8a496f539c78f7054785303db7fe175032d4

SHA512
b3f08bdefdf64a53dc180ff4ab57d37b0de37d8cc5493777fce453c1760c144221867925fe636e366a8de0b06a9224357a678dd468ad7c58f8da86636be45d04

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\return.emf
Filesize
608B

MD5
d75c591763b59e082e9465d49be84766

SHA1
a4ca3ec96fb1a3e0c0fb90cd540058fd41ee4a87

SHA256
6c25caf7e12b56b25874d1bef91f7b6f22491b0bc5bf904e99714eb9b2f1298d

SHA512
3b6a19b47e1110916ddc671a276c70fb5da7ac0374cebac7329eb598c5f740ab00de3f1c7a4f1cae8e6c5dbc48b0cbd7b448a34827973884eda1d34091848f20

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\search.emf
Filesize
660B

MD5
4ad754d52ae17c9fc6ff27bbfb18d9a5

SHA1
54f811a27adeff174829c8a5238e3c7fe6187664

SHA256
6d19d4584dedc7ad3fc477229b16b07b92e0aae4981f0a0ffd95039977c17f61

SHA512
e56ba2bee6962a4628852918ed79fa3adadb4214ca15d4985d1d7c82f66da5e079865ce470b55a079f1e94c58df8cc69ce7a15a0b42138a4702102530b450e70

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\search.png
Filesize
1KB

MD5
4648adfa7bffe6c272419790d772ab98

SHA1
d69854929469d2450b2498dbaa8eda345f28f7c3

SHA256
f49b54e69932e4db7dc225ae039d4e60dc3f21590469a915d547fe1d59c944de

SHA512
72409ee9ee823eb91c731a40895bd11de001ea27c4fe01deaefe4a0180d7f8b034c2d9f857b7cfc5593832b687994e06112cdfd7ff964fd1beeb2272255982c1

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\search_result.emf
Filesize
856B

MD5
fa5eec3db82775d563fac20308f23e48

SHA1
7e7bef49fea8025fc2eb89a3054f7e86033bf6fa

SHA256
996daea24512667747856ea6b355218cb70ab02592efd3bd6e5d703097d1d1f6

SHA512
026b2c2c7852c2b0ac85f77fd9a06d28539a8a711e037c729cd26cb8e774e6be15efa84f0fbc71218955af541b4aa7e3c9aa2010a2c257a41ab808bfb8181f1c

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartMenu_res\windows.emf
Filesize
620B

MD5
496b9796bb4d6dee0e0f2fcc7b816ffc

SHA1
ff2866e92fa27058766de4d1220934efa5f1588c

SHA256
1bbd85f159e41f7b1c6c7af4077814c6ca7cf58a2fc989a21bc63d66dbc52768

SHA512
7518c7936fbea3a7bab1c328878e90a56e1e6f9f39ab1481f556ebc0ec720dd56c1a737346ec31d83b1bbacbf17bea0a40b053fa278197aa4a91610b1e8ef380

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartShellExt64.dll
Filesize
86KB

MD5
a68830b750452eb5404c7968b2d9b8cb

SHA1
45ac0381e79f05dd0f24602679bb33240dda7e3b

SHA256
e02c7000ca565f65beaea97cf74718faed5e77387c973e2a676011ba79eeb9fc

SHA512
fa06f7797785c703d5b280907827c187dcff4d270374bc669e01458ae1dfa2db0d68e34c5010e8937b9fac5c333100ffc78ca84c5b6e1f374b912c23a7b4bfdc

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartShellExt64.dll
Filesize
86KB

MD5
a68830b750452eb5404c7968b2d9b8cb

SHA1
45ac0381e79f05dd0f24602679bb33240dda7e3b

SHA256
e02c7000ca565f65beaea97cf74718faed5e77387c973e2a676011ba79eeb9fc

SHA512
fa06f7797785c703d5b280907827c187dcff4d270374bc669e01458ae1dfa2db0d68e34c5010e8937b9fac5c333100ffc78ca84c5b6e1f374b912c23a7b4bfdc

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\QMStartShellExt64.dll
Filesize
86KB

MD5
a68830b750452eb5404c7968b2d9b8cb

SHA1
45ac0381e79f05dd0f24602679bb33240dda7e3b

SHA256
e02c7000ca565f65beaea97cf74718faed5e77387c973e2a676011ba79eeb9fc

SHA512
fa06f7797785c703d5b280907827c187dcff4d270374bc669e01458ae1dfa2db0d68e34c5010e8937b9fac5c333100ffc78ca84c5b6e1f374b912c23a7b4bfdc

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\Uninst.exe
Filesize
793KB

MD5
1b1cdc2e402a7bf40bc5b59c18dcc67b

SHA1
3d27aa5ade164702642d0ea300012f409043ebe7

SHA256
a4ae1fa15fc6e723d5aa598180101818afc5a186a48161aaa6d606eb734609dd

SHA512
f2583a847368460df342aab3e63854e2cb2d904f6aa1bbaae6e4e6c6dcc59f0b6b24307f256bd38eb8f51c141ef5e6322da9cbdc0fe568308e5a974ba259bb12

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\bugreport.exe
Filesize
753KB

MD5
4515918f7df1191e33d8ebc57ef79124

SHA1
2c0e030120b243812d3cacb5529f827eee513564

SHA256
a3be26f0b1bd192e88e95817104b8af428bd1b68ce06927c32e6be3497b6971a

SHA512
4b0e72e545200f19463020afd916b6ea3d4b5a8b8bbc04fa63c0ce4b7a50e6812c9f1a6df7a673b22c773acb9e9eeee56a9c0b6329691d6e856c18e61caa4589

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\bugreport64.exe
Filesize
944KB

MD5
e20f68ee536103f0f337baeb31f1c09a

SHA1
8e0a7bcb26e0256798957e8952069a436f62a237

SHA256
64d412d47d20065a06a9ab88c5f83892d1c9ad42597af1a6d36df2384a5c754b

SHA512
98d682715fdc0345da5ec1ee1fea2bceb8f5dc00d53e0ba2793287d81b3a692552409e6343e837e24c9fd19332d3a5429b42eb975db89140f7d8fc5045288972

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\dr.dll
Filesize
365KB

MD5
a5e165acae43740eface6c1a08b20fea

SHA1
a23d68e461bd3b8b965b410ca47522768a53c08d

SHA256
468ae93c61b80e6b2ea075aa4b7fa9b815b3687dcdb3df90329f46ab76641136

SHA512
e7d0e896633f48e5a8ef6463caa3f22427af69c02cd6c54b50fa43af33daff8fe65ba830080f78948f5c2901acb1af8c47e6652d757c8b28a4df5fa30d77bd53

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\dr.dll
Filesize
365KB

MD5
a5e165acae43740eface6c1a08b20fea

SHA1
a23d68e461bd3b8b965b410ca47522768a53c08d

SHA256
468ae93c61b80e6b2ea075aa4b7fa9b815b3687dcdb3df90329f46ab76641136

SHA512
e7d0e896633f48e5a8ef6463caa3f22427af69c02cd6c54b50fa43af33daff8fe65ba830080f78948f5c2901acb1af8c47e6652d757c8b28a4df5fa30d77bd53

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\dr64.dll
Filesize
457KB

MD5
980444b483205cb9f33cc75dfe10e4e2

SHA1
9c07487fb73dc89c205464e433c58cf53f9aeb7b

SHA256
0a2f4a78e4f38e05b418ebf659109268ba4e42852e2319f1d0c8e8ff72137e89

SHA512
8171bbb9e27fbd7e91052ede9cd5315b16f7b2f6094f850303fc1cfafd0213cb75126a5b881887547014991a028e31f01a87aab1c03ae519f2087c526cee4c73

Download Submit
C:\Program Files (x86)\Tencent\QMStart\2.0.68.130\dr64.dll
Filesize
457KB

MD5
980444b483205cb9f33cc75dfe10e4e2

SHA1
9c07487fb73dc89c205464e433c58cf53f9aeb7b

SHA256
0a2f4a78e4f38e05b418ebf659109268ba4e42852e2319f1d0c8e8ff72137e89

SHA512
8171bbb9e27fbd7e91052ede9cd5315b16f7b2f6094f850303fc1cfafd0213cb75126a5b881887547014991a028e31f01a87aab1c03ae519f2087c526cee4c73

Download Submit
C:\ProgramData\Application Data\Tencent\QQPCMgr\dr.ini
Filesize
37B

MD5
2568241c65608f70fa17a6f2186315fd

SHA1
4af2167c0eccd41a1c5a29c4dcea668cae473cce

SHA256
9f1e52aa85c3a463f7759b11e5b76f02a1dc3068bff3b1bab106beac1f240092

SHA512
9cd6617f56faa17f811e9474bdba9ed1bb44e6884d0c3690c6e200b24e309d49d27fbb795a22e19a0cba663bc7c82effa16db06dc226415d5e65342c0edae99f

Download Submit
C:\ProgramData\Application Data\Tencent\QQPCMgr\dr_packet.dat
Filesize
234B

MD5
fdd1899f28cbcea016ec63c0fe4692c1

SHA1
698bc949cd7ff7d4c7a45bfa5345e0a5626a0972

SHA256
834bc1a6951980ae378639b4afadac7e6e403618ae8dc4711ddb5557f31ae009

SHA512
3aa8f3c1ff57b1c5bd34adeb8c37a850fe864287d89f11092e583c30f957f01a2c3d6fcaa27771aa7a1c4677bd18196f1dd6dbf3244f191be92eca5057321549

Download Submit
C:\ProgramData\Tencent\QMStart\QMStartInstall_20230322224415.Log
Filesize
4KB

MD5
c66b7b27cc373f6fa30c1e59ee11ff15

SHA1
d0c948103fee58d5d82471c50d8f970018a3f713

SHA256
e943129afd5df8f1d09b4b1c0a35cb4128cbde34fa13e03cf141f9c24413fc83

SHA512
7bbad88628adfdb202e793938e02c25b4b46c1e7095bd53ee7d29ddbfeb21bd65c60974c03fed6c66c2fa58dba992b8a77e38e45d992b2278a3c44c889c8d701

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin.bmp
Filesize
588KB

MD5
908fa2dfb385771ecf5f8b2b3e7bff16

SHA1
1255fa1edbd2dbbcab6d9eb9f74b7d6783697a58

SHA256
60ff5131dba68a8ffe7ba0475bf3e192b432e1969e5ac52d7f217f6935f4035d

SHA512
573c9fde441fb8debaa44b6fa2d3763c3dc4714497089b82bedc8ef0720eea4a907f75cffb1c0ec4a77ac89cfecbef8e6182a2a8fea5b51a2e91920ceaad5f69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QMStart\~e5683ac\dr.dll
Filesize
427KB

MD5
68a34245c650829c613e9068bdc6f79d

SHA1
f877ad637c2097915ba894fdccb1a596a52a726e

SHA256
c72cc19b9ee4546378d22483d5cbe612805be585658df9d28677174b19c2b3bf

SHA512
1c9181c1693f3fb4c3044f57f9113f1858cb709c56ea7beec1d41026c4a64070e221dcb61669fbdab63fc0669df24f4a126ea517a157a738b9a35d784cef9afe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QMStart\~e5683ac\dr.dll
Filesize
427KB

MD5
68a34245c650829c613e9068bdc6f79d

SHA1
f877ad637c2097915ba894fdccb1a596a52a726e

SHA256
c72cc19b9ee4546378d22483d5cbe612805be585658df9d28677174b19c2b3bf

SHA512
1c9181c1693f3fb4c3044f57f9113f1858cb709c56ea7beec1d41026c4a64070e221dcb61669fbdab63fc0669df24f4a126ea517a157a738b9a35d784cef9afe

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db
Filesize
190B

MD5
cabab3957de3e31c2c9ac3c3938571a8

SHA1
8278fda9e96ee0769c57defa4227c6b8e368fbc5

SHA256
012653a2a3679bf4fbf6475122cb4939d5b85309a5e3071f3f4bf60db9d962e8

SHA512
896d5ee955d9d668fa41074fabdeb488dba9dcf3f3222df6dff196eb6fc503660b58ad4dc0f81e6e790691658c6d1b328000fb492fe4c96afff0642bff831a31

Download Submit
memory/3852-329-0x000001E5D2B70000-0x000001E5D2B71000-memory.dmp

Filesize
4KB

Download
memory/3852-338-0x000001E5D2B70000-0x000001E5D2B71000-memory.dmp

Filesize
4KB

Download
memory/3852-341-0x000001E5D2B70000-0x000001E5D2B71000-memory.dmp

Filesize
4KB

Download
memory/3852-340-0x000001E5D2B70000-0x000001E5D2B71000-memory.dmp

Filesize
4KB

Download
memory/3852-339-0x000001E5D2B70000-0x000001E5D2B71000-memory.dmp

Filesize
4KB

Download
memory/3852-330-0x000001E5D2B70000-0x000001E5D2B71000-memory.dmp

Filesize
4KB

Download
memory/3852-331-0x000001E5D2B70000-0x000001E5D2B71000-memory.dmp

Filesize
4KB

Download
memory/3852-335-0x000001E5D2B70000-0x000001E5D2B71000-memory.dmp

Filesize
4KB

Download
memory/3852-336-0x000001E5D2B70000-0x000001E5D2B71000-memory.dmp

Filesize
4KB

Download
memory/3852-337-0x000001E5D2B70000-0x000001E5D2B71000-memory.dmp

Filesize
4KB

Download
memory/4136-297-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download
memory/4136-289-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download
memory/4644-153-0x0000000000400000-0x0000000000549000-memory.dmp

Filesize
1.3MB

Download
memory/4644-266-0x0000000000400000-0x0000000000549000-memory.dmp

Filesize
1.3MB

Download