051a80a2a82dd18faa9d0738c5403f3f0dbd0926e0525a445596cc6ef2d7d754

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$_2_/QQVipDownloader.exe
Size

1023KB
MD5

65dbfaf76be7baf0369e1a202f8499cc
SHA1

542dca77ea0f20b91b8ebac80e326686dd507c55
SHA256

e997d69e9649210f79167f2a8501196ac2a62a23944b5d0d39b1e9bd7e3b774f
SHA512

0880bc2a3182708e3ac620f4028a85eb1683bda96f0246ea5751c9ad20c3ea2c1e9879751b4f57fea0ee16b41347a93be88ef0f87661583971204179b917b608
SSDEEP

12288:pDfAIZBLC7KNkg2BirPUTYLzD3zk2U5LZE+KGngCRyEi1QOCXSSY9p8s96+9AUys:pDfAIZBZkg2B4UsKKLEiGi9X0cAUSK6

Score

8^/10

bootkit evasion persistence

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exe

pid process

1776 netsh.exe
3688 netsh.exe

pid	process
1776	netsh.exe
3688	netsh.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

QQVipDownloader.exetencentdl.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation	QQVipDownloader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation	tencentdl.exe

Executes dropped EXE 1 IoCs

Processes:

tencentdl.exe

pid process

1668 tencentdl.exe
Loads dropped DLL 1 IoCs

Processes:

regsvr32.exe

pid process

788 regsvr32.exe

pid	process
1668	tencentdl.exe

pid	process
788	regsvr32.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

QQVipDownloader.exetencentdl.exetencentdl.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	QQVipDownloader.exe
File opened for modification	\??\PhysicalDrive0	tencentdl.exe
File opened for modification	\??\PhysicalDrive0	tencentdl.exe

Drops file in Program Files directory 9 IoCs

Processes:

tencentdl.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\Tencent\QQDownload\127\dlcore.dll	tencentdl.exe
File created	C:\Program Files (x86)\Common Files\Tencent\QQDownload\127\Tencentdl.exe	tencentdl.exe
File created	C:\Program Files (x86)\Common Files\Tencent\QQDownload\127\extract.dll	tencentdl.exe
File created	C:\Program Files (x86)\Common Files\Tencent\QQDownload\127\tinyxml.dll	tencentdl.exe
File created	C:\Program Files (x86)\Common Files\Tencent\QQDownload\127\InstallInfo.xml	tencentdl.exe
File opened for modification	C:\Program Files (x86)\Common Files\Tencent\QQDownload\127\dlcore.dll	tencentdl.exe
File created	C:\Program Files (x86)\Common Files\Tencent\QQDownload\127\tnproxy.dll	tencentdl.exe
File created	C:\Program Files (x86)\Common Files\Tencent\QQDownload\127\DownloadProxyPS.dll	tencentdl.exe
File created	C:\Program Files (x86)\Common Files\Tencent\QQDownload\127\bugreport_xf.exe	tencentdl.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

Processes:

QQVipDownloader.exeregsvr32.exetencentdl.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\metnsd	QQVipDownloader.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28D341BF-13DD-457E-BAFB-D3FC0C442CA4}\ProxyStubClsid32\ = "{B9E49847-9822-4139-BC55-7173ED1ADA11}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\LocalServer32\ = "\"C:\\program files (x86)\\common files\\tencent\\qqdownload\\127\\tencentdl.exe\""	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32\ = "{B9E49847-9822-4139-BC55-7173ED1ADA11}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\metnsd\clsid	QQVipDownloader.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadProxy.Downloader.1\CLSID\ = "{70DE12EA-79F4-46bc-9812-86DB50A2FD64}"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\ = "DownloadProxy 1.0 Type Library"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\FLAGS\ = "0"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib\ = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ = "IDownloader"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\FLAGS	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib\Version = "1.0"	tencentdl.exe
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\WOW6432Node\Interface	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}\ProxyStubClsid32\ = "{B9E49847-9822-4139-BC55-7173ED1ADA11}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}\ = "IDownloader_3"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\HELPDIR\	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28D341BF-13DD-457E-BAFB-D3FC0C442CA4}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadProxy.Downloader	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32\ = "C:\\program files (x86)\\common files\\tencent\\qqdownload\\127\\tencentdl.exe"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ = "_IDownloaderEvents"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\NumMethods\ = "15"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\Programmable	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28D341BF-13DD-457E-BAFB-D3FC0C442CA4}\NumMethods	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\metnsd\clsid\SequenceID = 8471bc81a2aedf4ea87ca65d678c86b3	QQVipDownloader.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\ = "Downloader Class"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib\ = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\TypeLib\ = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib\Version = "1.0"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\ProxyStubClsid32\ = "{B9E49847-9822-4139-BC55-7173ED1ADA11}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\ProgID	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib\ = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadProxy.Downloader\CurVer\ = "DownloadProxy.Downloader.1"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\NumMethods\ = "6"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib\ = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadProxy.Downloader.1	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\DownloadProxy.EXE\AppID = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}\InProcServer32\ = "C:\\program files (x86)\\common files\\tencent\\qqdownload\\127\\DownloadProxyPS.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadProxy.Downloader\CLSID	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}\ = "DownloadProxy"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\TypeLib	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\VersionIndependentProgID\ = "DownloadProxy.Downloader"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}\ = "PSFactoryBuffer"	regsvr32.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

QQVipDownloader.exe

pid process

3028 QQVipDownloader.exe
3028 QQVipDownloader.exe
3028 QQVipDownloader.exe
3028 QQVipDownloader.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

QQVipDownloader.exe

pid process

3028 QQVipDownloader.exe
3028 QQVipDownloader.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

QQVipDownloader.exe

pid process

3028 QQVipDownloader.exe
3028 QQVipDownloader.exe

pid	process
3028	QQVipDownloader.exe
3028	QQVipDownloader.exe
3028	QQVipDownloader.exe
3028	QQVipDownloader.exe

pid	process
3028	QQVipDownloader.exe
3028	QQVipDownloader.exe

pid	process
3028	QQVipDownloader.exe
3028	QQVipDownloader.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

QQVipDownloader.exetencentdl.exetencentdl.exe

description	pid	process	target process
PID 3028 wrote to memory of 4844	3028	QQVipDownloader.exe	tencentdl.exe
PID 3028 wrote to memory of 4844	3028	QQVipDownloader.exe	tencentdl.exe
PID 3028 wrote to memory of 4844	3028	QQVipDownloader.exe	tencentdl.exe
PID 4844 wrote to memory of 1668	4844	tencentdl.exe	tencentdl.exe
PID 4844 wrote to memory of 1668	4844	tencentdl.exe	tencentdl.exe
PID 4844 wrote to memory of 1668	4844	tencentdl.exe	tencentdl.exe
PID 1668 wrote to memory of 1776	1668	tencentdl.exe	netsh.exe
PID 1668 wrote to memory of 1776	1668	tencentdl.exe	netsh.exe
PID 1668 wrote to memory of 1776	1668	tencentdl.exe	netsh.exe
PID 1668 wrote to memory of 3688	1668	tencentdl.exe	netsh.exe
PID 1668 wrote to memory of 3688	1668	tencentdl.exe	netsh.exe
PID 1668 wrote to memory of 3688	1668	tencentdl.exe	netsh.exe
PID 1668 wrote to memory of 788	1668	tencentdl.exe	regsvr32.exe
PID 1668 wrote to memory of 788	1668	tencentdl.exe	regsvr32.exe
PID 1668 wrote to memory of 788	1668	tencentdl.exe	regsvr32.exe

C:\Users\Admin\AppData\Local\Temp\$_2_\QQVipDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\$_2_\QQVipDownloader.exe"
1⤵
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028

C:\Users\Admin\appdata\local\temp\$_2_\tencentdl.exe
"C:\Users\Admin\appdata\local\temp\$_2_\tencentdl.exe" /install
2⤵
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4844

C:\program files (x86)\common files\tencent\qqdownload\127\tencentdl.exe
"C:\program files (x86)\common files\tencent\qqdownload\127\tencentdl.exe" /RegServer
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1668

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="腾讯产品下载组件" dir=in program="C:\program files (x86)\common files\tencent\qqdownload\127\tencentdl.exe" description="C:\program files (x86)\common files\tencent\qqdownload\127\tencentdl.exe" action=allow
4⤵
- Modifies Windows Firewall
PID:1776

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="腾讯产品下载组件Crash上报" dir=in program="C:\program files (x86)\common files\tencent\qqdownload\127\bugreport_xf.exe" description="C:\program files (x86)\common files\tencent\qqdownload\127\bugreport_xf.exe" action=allow
4⤵
- Modifies Windows Firewall
PID:3688

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\program files (x86)\common files\tencent\qqdownload\127\DownloadProxyPS.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Tencent\QQDownload\127\InstallInfo.xml
Filesize
1KB

MD5
0d095aab24635aa9377fafd8e86910a2

SHA1
f0909168847b010080e14e3188582696a8019ca3

SHA256
eb733c9b6bbe17ebd2bdc01b2409852a361d0e0d63683eba228de6af1a139592

SHA512
30da0f3b996928bd2ab02956be1737617b4d453fe251186f70fd958bafdcac35f2f63a8dc10a150dba4a0df68a7e1ac3876bdaf90774d6e571cbf4c1cf7496ca

Download Submit
C:\Program Files (x86)\Common Files\Tencent\QQDownload\127\Tencentdl.exe
Filesize
915KB

MD5
7e8dfc56349967d134ccdc9de4cd772f

SHA1
80f9636e5f2b7509d50e3e865b5c0d921348fff0

SHA256
fcaf44a74ec98e9780ddded45729dab1dc292c3a1bfed1c1a7ce56f1fed9b604

SHA512
b25fa86519cc23157f253ab816e8f8dfab54c5eddb72ec2092ece5b33767131f2ebdb4c791a2e28688c3bbbddc0db1e34d046f309592f95bf4665f5f12617010

Download Submit
C:\program files (x86)\common files\tencent\qqdownload\127\DownloadProxyPS.dll
Filesize
67KB

MD5
9c629978377e3edc8d0b001115f93eec

SHA1
c563aad2e04b0e69b3ceeb722f7f7e85dd3cb410

SHA256
1ce25ffc0d8671f5c44573ec190533860cc3bec823d2dcfaf4548a0bd76add50

SHA512
34cb1eafd31385094bc0f2f03da80fb94662a7a966dff7f9be974b5e850e2c588e82546edfaf244b7f20046fd63421495b7a429d50184d074b83208d86dcd619

Download Submit
\??\c:\program files (x86)\common files\tencent\qqdownload\127\dlcore.dll
Filesize
1.9MB

MD5
0ed92ed82d4d1b22fe231c177b45eac5

SHA1
d858a692e6c0a364137c4d0190816809b8c37f7f

SHA256
ad1425b8497cf8b5891adbd51371c3ceb0f977e6e417b6c3f3262e6b6f01e2fc

SHA512
8d7d60e84314ba2b5b1a9248e6ddf1f2723844ebde1953343ee5f825f1d3e30a5a9a504d028c9311f9aa82c17929c4927769b7ae6df986003b2c1aaef0be3aa1

Download Submit
\??\c:\program files (x86)\common files\tencent\qqdownload\127\extract.dll
Filesize
358KB

MD5
9da51d4506bd094fbfc7d337338fc872

SHA1
1b5799ef6b66ac9471842f17570813e7c42cdb27

SHA256
f2181e41d5950fcb762edf6b9cbb665e94004a7f1102b606c331690e6069a501

SHA512
07dfae7c04ea2815ed78af9e29313050338bfec5a8e08a8846c0f846d6d27b79b7bfe2c3b4dbf3758aa22f88342aadf5513dcbcd6a718b9dd939996d6ce9e044

Download Submit
\??\c:\program files (x86)\common files\tencent\qqdownload\127\tnproxy.dll
Filesize
707KB

MD5
3bad47f1e11387358ba090fbc2682713

SHA1
e7e7843d3fd4f45fdb65ff40936bc28a10651589

SHA256
26c906e83d280f03e021a5730908cc40551f8ef98e048b9ae001354ec83ae736

SHA512
c00f7079746cc0ab961680ca784cac036ad60c2883e032fea9d8ac4791579f5cb952a341efb0068a38f81ab84c6dc870ddd8ae5ddb66d17a812a80fc8e1486eb

Download Submit