6785a415c6fd541e86043ac3f3a0ea73f006e0eec6ab1df125eeca4578678c8e

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 08:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a6a8bcf2861af81a6a553d1be91c639_JaffaCakes118.exe
Size

49.6MB
MD5

6a6a8bcf2861af81a6a553d1be91c639
SHA1

4fefc2d3b49f7ec83b58c857aec2c3d02e7b347d
SHA256

6785a415c6fd541e86043ac3f3a0ea73f006e0eec6ab1df125eeca4578678c8e
SHA512

b47cd0ce79b026c8747612787551b2b5f13969d906c7835c68a6603830d84136a440aeb8fd5756077b734ea9005e9f21ab1e9378cd991d63ac70ac835611435d
SSDEEP

1572864:tC/Q7oNmOMyJ0bp19NhNHrIcnlb0w9pwbwc+fAVgAZ:tC/QnOvKrHIk5F9pwb3+fML

Score

9^/10

bootkit discovery evasion persistence

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

QQPCMgr_Setup.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ QQPCMgr_Setup.exe
Drops file in Drivers directory 1 IoCs

Processes:

QQPCMgr_Setup.exe

description ioc process

File created C:\Windows\system32\Drivers\TFsFltX64.sys QQPCMgr_Setup.exe
Modifies Windows Firewall 2 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exe

pid process

1348 netsh.exe
1420 netsh.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	QQPCMgr_Setup.exe

description	ioc	process
File created	C:\Windows\system32\Drivers\TFsFltX64.sys	QQPCMgr_Setup.exe

pid	process
1348	netsh.exe
1420	netsh.exe

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

QQPCMgr_Setup.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\QQPCRTP\ImagePath = "\"C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QQPCRtp.exe\" -r"	QQPCMgr_Setup.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Tencentdl.exetencentdl.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	Tencentdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	tencentdl.exe

Executes dropped EXE 12 IoCs

Processes:

QQPCMgr_Setup.exeTestMSVCR.exeTestMSVCR_64.exeInstAsm.exePluginInstaller.exeTencentdl.exeQQPCRTP.exetencentdl.exeQMSuperScan.exeQMCheckNetwork.exeQMCheckNetwork.exeTestMSVCR.exe

pid	process
2948	QQPCMgr_Setup.exe
228	TestMSVCR.exe
4364	TestMSVCR_64.exe
2284	InstAsm.exe
5512	PluginInstaller.exe
5688	Tencentdl.exe
4864	QQPCRTP.exe
5080	tencentdl.exe
544	QMSuperScan.exe
3724	QMCheckNetwork.exe
1772	QMCheckNetwork.exe
4388	TestMSVCR.exe

Loads dropped DLL 38 IoCs

Processes:

QQPCMgr_Setup.exeregsvr32.exeregsvr32.exePluginInstaller.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeQQPCRTP.exeQMSuperScan.exeQMCheckNetwork.exeQMCheckNetwork.exe

pid	process
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
5260	regsvr32.exe
5276	regsvr32.exe
3480
5512	PluginInstaller.exe
5644	regsvr32.exe
5656	regsvr32.exe
5664	regsvr32.exe
5636	regsvr32.exe
5672	regsvr32.exe
5760	regsvr32.exe
5748	regsvr32.exe
5792	regsvr32.exe
4864	QQPCRTP.exe
4864	QQPCRTP.exe
4864	QQPCRTP.exe
4864	QQPCRTP.exe
4864	QQPCRTP.exe
4864	QQPCRTP.exe
544	QMSuperScan.exe
544	QMSuperScan.exe
544	QMSuperScan.exe
544	QMSuperScan.exe
544	QMSuperScan.exe
544	QMSuperScan.exe
544	QMSuperScan.exe
544	QMSuperScan.exe
544	QMSuperScan.exe
3724	QMCheckNetwork.exe
3724	QMCheckNetwork.exe
1772	QMCheckNetwork.exe
1772	QMCheckNetwork.exe
1772	QMCheckNetwork.exe
3724	QMCheckNetwork.exe
3724	QMCheckNetwork.exe
544	QMSuperScan.exe

Modifies system executable filetype association 2 TTPs 7 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

Processes:

regsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall\ = "{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe

Registers COM server for autorun 1 TTPs 16 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

regsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QMContextUninstall64.dll"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QMContextUninstall64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QMGCShellExt64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QMContextScan64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QMContextScan64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

QQPCMgr_Setup.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ QQPCTray = "\"C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QQPCTray.exe\" /regrun"	QQPCMgr_Setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

Tencentdl.exeQMSuperScan.exetencentdl.exeQQPCMgr_Setup.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	Tencentdl.exe
File opened for modification	\??\PhysicalDrive0	QMSuperScan.exe
File opened for modification	\??\PhysicalDrive0	tencentdl.exe
File opened for modification	\??\PhysicalDrive0	QQPCMgr_Setup.exe

Drops file in Program Files directory 64 IoCs

Processes:

QQPCMgr_Setup.exeTencentdl.exe

description	ioc	process
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCSysOptimize.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMTrayPlugin\GameUpgradeTrayPlugin\GameUpgradeTrayPlugin.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSFSEngine.DAT	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TAO\BNSConfig.etf	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMFeedBack.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCGameUpShow.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMDeskTopGC.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMTrayPlugin\QMAutoTaskPlugin\QMAutoTaskPlugin.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\ClinicData\script\pb_1088.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMTrayPlugin\QMTPIEStartPage\QMTPIEStartPage.tpc	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCUpdateAVLib.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\SoftAAL.sys	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMFeedBack.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\ClinicData\script\pb_1408.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMAutoClean.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\oDayProtect.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlp.sys	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\Win10Tips.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\IEStartPage\searchlist.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\SpeedupNetflowLimit.etf	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\GameSpeedupAppPlugins\QMGameAcceleratePlugin\QMGameAcceleratePlugin.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCClinic.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\SysHomePage\syshomepage.tpc	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\GameSpeedupAppPlugins\QMGamePackagePlugin\QMGamePackagePlugin.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMTrayPlugin\QMPerfCtrl\QMPerfCtrl.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\SysHomePage\HomePageRecommendItems.xml	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\ClinicData\config\DNSHookDomainList2.0.xml	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\ClinicData\script\pb_1220.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\ClinicData\script\pb_1223.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMArpMgr\libexpatw.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMTrayPlugin\QMDnsMonitor\QMDnsMonitor.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMLDPatch.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\malware\logo\plugin_1436.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSClinicWebFix.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\QQPCUpdate.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TAO\CF.pref	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\FileSmash\Common.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMTrayPlugin\QMSccTrayPlugin\QMSccTrayPlugin.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCClinicHelper64.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\RtpPage\RtpPage.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\tpk\1.0.0.1\def\virscr02.def	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMSSO\I18N\2052\PGFStringBundle.xml	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\Common.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\QQPCUpdate.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMTrayPlugin\qmavtrayplugin\QMShield256.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMCommon.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMTrayPlugin\qmpredownload\QMPreDownload.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QQPCClinicNet\QQPCClinicNet.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\bugreport.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\FileSmash\libjpegturbo.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMTrayPlugin\QMPerfCtrl\QMPerf.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\SoftUninstall\SoftUninstall.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\dlcore.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSWebMon.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\QMDataUpdate.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\ClinicData\script\pb_1023.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TAVDescr.ipt	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQBrowserWebInstaller.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCClinic.exe	QQPCMgr_Setup.exe
File opened for modification	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\xGraphic32.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\dlcore.dll	Tencentdl.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCConfigCatalog.xml	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMPersonalCenter.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMTrayPlugin\QMAutoTaskPlugin\SubRdbs\speedupmsg.rdb	QQPCMgr_Setup.exe

Drops file in Windows directory 1 IoCs

Processes:

QQPCMgr_Setup.exe

description ioc process

File created C:\Windows\Fonts\FZLTCXHJW.TTF QQPCMgr_Setup.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\Fonts\FZLTCXHJW.TTF	QQPCMgr_Setup.exe

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

Processes:

QQPCMgr_Setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}\AppPath = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\"	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}\AppName = "QQPCClinic.exe"	QQPCMgr_Setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}\Policy = "3"	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\PCMgrRepairIEExtensions	QQPCMgr_Setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\PCMgrRepairIEExtensions\WarnOnOpen = "0"	QQPCMgr_Setup.exe

Modifies data under HKEY_USERS 54 IoCs

Processes:

QMSuperScan.exeQQPCMgr_Setup.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_9 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd839726a7184adbfe8e17c	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_40 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_33 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fb0052b8cbf03f65e927a79eb0cb7c20052ab9eea55b9092830bc56668e277a8233fb6685dc95eccc1a9b487077effa190e476ab7ebd8287247718fad84e8e57ce31bbfffb8d6	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_47 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea69b90e283ebc42668e27068229fb6a85dc95fdcc299b6f7076efc919204756b7efd831727771bcadaae8ea7ce71bb3ffa5d62d778e67e8ab712d1ab2331c5cde531fcab81406cbbbf7cada4803998a4e	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_54 = 3874d037c712e067e6058b9e8affc77671170de3329229563fc3ed22822e0c174bdd71caa54d497befac2544cf6f8f05	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_34 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fb0052b8cbf03f65e927a79eb0cb7c20052ab9eea55b9092830bc56668e277a8233fb6685dc95eccc1a9b487077effa190f474db7fdd828726b7192ad92e8	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_39 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e001772dd7bcab24d487be8ac3244d96f	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_36 = 3874d037c712e267fc05809e9cffdb765a172ee3	QMSuperScan.exe
Key created	\REGISTRY\USER\QMConfig\QQDoctor	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_26 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_37 = 3874d037c712e267fc05809e9cffdb765a172ee31b9238562ac3f722952e351776dd2bcaf44d	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\LOCALTRUSTCLOUD = 0074df37aa128567a605df9ecbfff1761f1770e37e92735665c3b022cc2e64172add2dca854d107ba2ac1244986fb905698c9903a55ebc7a61eb04b7ef0003abd4ea0eb942286bbc046687271b824efb7385c995b9cc179b0c7034ef9219014760b7b6d81e724171d0adc6e8b77cce1be2ff89d66977c967adab462d49b26a1c0dde601f9db87106b2bbddca8d485b99cd4eb66cd621e1679f197c10340b2f6b9cb1d377a7f7f0a1f1011d5d5f34fa6791888c9735a6256903ceedc56d96ec49c11c1613f147dc1210c977bb79185766396d6c52664c5f79a28510667b92fe6d4da3297a80bf5fe1f6cc719de52a2c3dbcbc5d766464ac853413f12934ba88d714d18173a3d16e67f79118449917f261fc48610ca93c4f267ac5bf7e3eebc818e3e3a5c9e97fb53be556a941e953f3f0b10ae7cbd78e8e79e20c62359c229875f353d7453ca062b581e35884c02f9657dad62a022607ea0b23e9c655ea6f6dde7115be59286a506c5c572a67320105b5e8a7f42f145b9355aa9fc765a5146adc182fcf45110fc9ec03a8949bfcbb422c5475fadfd8b109dcf11754d5edf0b101da68dbe5c49caecd8fbad74f8c060a273342bebaa3e72ed81079c04e9a1d39862714d82ea42695a1498f00172c82e6e7ab74ed4ab8df8ffa1ed3557ccf48ed0ee9de673f80c01239e55e457b140490f209f3c18f3ce2a9209290b63082d8a0d55690ed4df360f99386572543323ae2c1569e61b02eea10a1c90bf8e9520aefc22f8e95513cb573c2f6bc1819390fb05aa4ff4224ca79c4d450f3e6166af3710cfb7f9cdc5081adc8a743106675651c7be5a1ddb0a2ab1c040f4ffde29b537a6c36f15bb996fe13077e5cce23cdfb77c2d081b8d7afd40381c34d8bb5c64a249543a5e92c4744d0986991f55645f5a9d0018305efcfa683513113205d7974f6d33886605024425e114edb4cc88ea5ab9eb4198c3853046cd5082a26da16416af836f604bb25c0ac78bb84e57281ac108191230020fbb9882961eba7ee48e70ac65215a8f3e27d3400f54993c2e65f751606253606e68f3721600dafae3665fdb6e04a01651c82256ee27363c7a936026a00c81d71c31454f587e1114103dd2ae1b8667b5fc669ed8a80c01e13a3d4f9d606ac47003732f059d25772e9e9d5eb044cb928e1c8faa78cbcc7a403ccd1cb52d951c2a26ca00f4cc469bb25c5b52a91494d5e86be96629b81fd698e5cbe4fd320a36e76c0f3a89e4399c6fd30e2f5ed0ab4ee5140056f8dff5055d0a5f380ea9c45ffb0db6d79c682d707b811a333eb2b0cf02cc403d59eaabf1ae6ae047731ebc3286d1d911d621b3d006c167f7c743a3d16708a756856df2ad81bf8d3c06bc22167b6775b6832aa063832f7d9f5c8606ab8c797cf1efb3c5a88b45ed0225075e1181fa421e020424aa177079381ac85e626ebbf66a8daa7538f7e39540b39157d1bf10564bbf0ff0f83a0db8a972cea1cdb39a77a92eadd015f9254e3ed011d2add8e68c58adc0adf259a5837cda39d0bd7cb52416b81a8bd25e35235c3240c3deede0dfb89b2bd76c4f7faf56222374e4fbeba981aadf8ff63413bd996cbdc24c5e2e6c723827528737220152dc39cfc28a57f3c1c5597bdf7c3ec96220ced28f71699b4f2173e9c8af91105d679a48d72ea9e6b2d4fa4d92f57d71a2ee1701d5fab2a83659c07f311afb807538bf2a9ff2844e38a81d3837e33446cfd66ab15432204f27c4fa5eaf53a89303d2479dab1123f8ebccc94e9fe7becd3d311f75b1ee5a77a6cfb203be4c84a96cbeead6903b1b48d9151b420d917b35a1225cdce6620ab3c76353226326ea9d144bac9ee70d6e33d3a33a24461a5461b5e4dd79aa406bc113f10a94a1bb67985ec4efdce45ae6a2fee506c51075a88e99d3003d996f4e0df03812a65fcdb189d7ee8b78c08151d770a37ab0684f40899703066c421b346ae781ad6173d9102c2e68eb1e889c68bfc0454256633351c543319431bb9be62d8148db3ce8dac1eea915746712b210277e1b277cc8e7b60fac9960713af5e8627cc1766c9676f81617bac212bf27ece713c5bb645566d73d76647d91b018f48b75cdfd1dc2e1b4f0ef8f72db6a1e3535650582ebf987683836996647e8a8aa836ee5008daa95da759c106eef1475cfa08e34b72d54da2be12ed3daacf5be062ba5bfb8379ec26c87b502e942dfba6c6a1c1516cb74561cabf0e9f26523e83535bf0eb8fe42f15036f14acc3420cd8141fd1b0fa047903f806193d48c43693c1586f7c092df3d1a1a747c3a467652ecf846936ec90613ec5c4707e0555bfda3326990a5a1ea08e95f44cc63d1f89398a4484da8cf17d3fd73bf55887d98cc86ec031ab3f17d7c2fe77ae1b4b89c30c22cf66685445be9c5e542168e287411566b5fc21de8b127bd1f41e29eaf1d01491d09eef732b85914c965a9cc75d24bdb940546341f405b05c0472d46b4af2c2ff2e073a6be422619112177a2437df68ade01698d7e6353164e27685a62fd6342e8ad00bc62d09b5ab9673c098a2ca58a89358f9ce2e2409258f00e02d5a89b859d20a6da5df35f7c80c7a54ca904caaad226e60bef438c9133faea7814f38ec7c3b9baa1e27caee28ed9ceaef019b88dda1b8869020b4b5f25e4bf5ed31aef07ced6a784a7e22a9ea92ea8051d8c4ae81ce31a10142fecfd343bedbd990a1406e21554552396c6170c62dd426e86b9084656bcf2ad08b15403fb098efbead2a05d60539970ae74ad9b6887aeff3621ebfe07185f1796015a05fd9ac6227bfb0977a8aac760d18da6112376c1213c7919e97db8174252dbb24f9a502c4cd64d401017d25f87e06de8944e50e02a4a3eca1ce243d3376b3bdd341b73cee4a0f237ed7363f3f03ee32f1f4541279250a4cd6c61df15e78a22c88040823dbc84fec446942ff788e314fe2e6f5c0a79160044c98fdc8e3657c344a82042e5459c41d408072f56e7c78624a53fede39db42ce1e410ee626cf775ea28a2cdaa2f488a711d54d599b6442f4052f3357e09b57473b2543b13e3a80e54febc72fd0bce97801f30643dbddc67e5b3b1beff56e23067a7c8b85fe4448185b19626f93d3aab762ad73108b465babdfd361e989b5fea511618e6bd3ae424115c7be1010d68d2647a32060c9305734f2fca5053d93a69a601b3f0eb10332361613a92c6eb6b7aa3d068c7e322e5029f9752b187e004af0f3623576c85f41d2a18cdb495526abc560148a1c1ff956897b55417bebd19a3bc11e3145fcb75691330ec7a9a3f1e9bd7b6d8e55be9ff96b5da35e0e0dc9322775f3b0f180deebf0389db831895b1a980079fc712d4f34d3f0f4f62cc70a690936d96fd26e76d9cbf5fb56bf6d194219603a843bd82f6a5b4f83a5598a36ad9dce9eef578dcbcc5b12976ae53daefbef3c271bc550f31eddc436bd999acbc0e9c5603fb40ef2830819f2f809362ed92a07d09f785f684e908a1cdad29fe986d7eb81caed46c5238091b86b94ce524b18765c742365f81304666abc929e10bafc740d64a51d3c5cdcdc610942a13b9da2c371b4d9b93c1bdf0343d57aaf00e57de0695086dcabd82fdff90c91c49b729e6b1ca2a62d44d7cd35bb2e057ab7988a916448940c3a845f487d538edf302b07b962f4d503208c6051646b193460068b131aa4cef46265f69550bae18350daa746f59ecc96f12f8d175ec164225ff9e8d869bb95d5a5ddd7c2018a0981865161e4bd96b9b73b0bc6f65c62c29fe0b51bfb79e7b2828ea1605a2f892709ec87fc09d9e541205d9e15388f798deac2d565ff03aeb16cfe4f9c8334522f40f8566df59684a190c9690bbeefbd9b0e4b77ba6cd17797de5fac9ae0a09c05e85eb72dd66e1aa018cc8eb72ec7ff0f82f29ee6950ea0710a1070dd054036d756c2e9626141b13021c7f9fa0c3dbcc4222a5aed379484332c251921b93348a7cef728f51e16e984acd3ccb2e2255a3653a61c20b51feb085aaf96fc7df529183ab5fb10dcc545871802c1287b579f6a1855eb15725d3c51289318d838a9d8e9b76b611494b8b53b2b1c8ff0a27f90c5d6cc10fc8154eb703bf48f8b084911714a27da6d4dd14bef0e71db04e2cdc3a7ad7bdd76ee4b60a3d107643cb285c46e7c922dc70deb865f15159151f2242f600c94bdbe8b61e7680c8d8be4526e81bbbef5523fe7ad0df0f2d85b716e68f0c014ef6e8a578d18d0945f3b82e3c5e4a219aeb116cfd1e3eb670c68217c66df975dac7107b3c5dffa47b520893a15021d391f10af795be91bfbb1276dc6d997df98144fb0ff25dd43132276a8f27c4190349e62dce2ec278a6a44054098ae8f8e413003c0800f0c769d91f026cac5c7879b041a9561d49c7397a6d5cecf7d608d7e3b4239044303e57bc95fbf7543c06b9e7fce2059ed764377b753680fceb1380ef9582ab5867a8b	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_42 = 3874d037c712e567e705819e9fffc6764c1730e367920d563ac3e822842e23173bdd30cabe4d057bacac7e44	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_44 = 3874d037c712e567e705819e9fffc6764c1730e367920d563ac3e822842e23173bdd30cabe4d057bacac7e44f66fbf052b8cb103fa5e917a4beb61b7ed0058ab80ea5fb90928	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_53 = 3874d037c712e067e6058b9e8affc77671170de3329229563fc3ed22822e0c1756dd6dcab54d547bf9ac	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_21 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7dad83972697190ad87e8ef7cfe1bbfffb8d6	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_32 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fb0052b8cbf03f65e927a79eb0cb7c20052ab9eea55b9092830bc56668e277a8233fb6685dc95eccc1a9b487077effa190e476ab7ebd82872477181ad88e8e67cef1b	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_13 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e1d176edd6bcaaf4d5e7b	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_24 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea69b90e283ebc42668e27068229fb6a85dc95fdcc299b6f7076efc919204756b7efd831727771bcadb8e8fa7ceb1ba8ffbfd631778d67	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_25 = 3874d037c712e067e6058b9e8affc77671170de3329229563fc3ed22822e0c175fdd7dcab54d567beeac3844da6f	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_27 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ded82e726d718ead9fe8eb7cf81bfaff98d62c779267eeab772d18b2321c41de561f	QMSuperScan.exe
Key created	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_7 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177a167ccab712d14b2201c47de441fc2b84706c3bbcbcac1480e998b4e866c9621d267	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_8 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7dcd83972677185ad85e8fa7c	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_56 = 3874d037c712e267fc05809e9cffdb765a172ee31b92395636c3f7228e2e251769dd7bcaa34d4e7b	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_2 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177a167ccab712d14b2201c47de441fc2b84706	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_6 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e16177add6ecaa94d4f7bf3ac2344cf6f8f05	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_20 = 3874d037c712e267fc05809e9cffdb765a172ee31b920d563cc3ea22952e2317	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_22 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea69b90e283ebc42668e27068229fb6a85dc95fdcc	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_29 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177a167ccab712d14b2201c47de441fc2b84706c3bbcbcac1480e998b4e866c9621d267	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_41 = 3874d037c712e267fc05809e9cffdb765a172ee31b9218562ac3f722b62e1f174cdd2ecaf24d	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_45 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea6eb91f2832bc40669627478210fb6a85c195	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_46 = 3874d037c712e067e6058b9e8affc77671170de3329229563fc3ed22822e0c175fdd77caa54d487bf7ac3244c46f8805378c	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_11 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_19 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7c0d83972707197ad84e8fc7ce11bfaff98d62c779267eeab772d18b2321c41de561f	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_16 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e14177edd6bcaad4d497bf5ac2744	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_23 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea69b90e283ebc42668e27068229fb6a85dc95fdcc299b6f7076efc919204756b7efd831727771	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_30 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea69b90e283ebc42668e27068229fb6a85dc95fdcc299b6f7076efc919204756b7efd831727771bcadb8e8fa7ceb1ba8ffbfd631778d67	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_31 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e16177add6ecaa94d4f7bf3ac2344cf6f8f05	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_35 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_43 = 3874d037c712e567e705819e9fffc6764c1730e367920d563ac3e822842e23173bdd30cabe4d057bacac7e44f66fbf052b8cb103fa5e917a4beb61b7ed0058ab80ea5fb90928	QMSuperScan.exe
Key created	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg	QQPCMgr_Setup.exe
Key created	\REGISTRY\USER\QMConfig	QQPCMgr_Setup.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_5 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e141774dd7bcab34d507bffac3944de6f8f05	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_59 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fb0052b8cbf03f65e927a79eb0cb7c20052ab9eea55b9092830bc56668e277a8233fb6685dc95eccc1a9b487077effa19054751b7fcd832725871a2ad9ee8fc7ce41b	QMSuperScan.exe
Key created	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg	QMSuperScan.exe
Key created	\REGISTRY\USER\QMConfig	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_0 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e14177edd6bcaad4d497bf5ac2744	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_28 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fb0052b8cbf03f65e927a	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_14 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e061772dd7ccaa34d527be9ac	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\LSPCheckNetworkEntry = 7f74ea37	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_55 = 3874d037c712e067e6058b9e8affc77671170de3329229563fc3ed22822e0c174ddd71caa24d587bf5ac2444	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_38 = 3874d037c712e567e705819e9fffc6764c1730e367920d563ac3e822842e23173bdd30cabe4d057bacac7e44	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_48 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177a167ccab712d14b2201c47de441fc2b84706c3bbd9cad1480299904e9c6c8a21d167d3193a10660b696bc6b1d877fff7faa1d901095d7634d067a388	QMSuperScan.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exeregsvr32.exetencentdl.exeQQPCMgr_Setup.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}\1.0\ = "QMContextScan 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\TypeLib\ = "{445E3964-15B0-472a-95F4-6242DD2EA066}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1\CLSID\ = "{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\NumMethods\ = "3"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}\1.0\HELPDIR\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib\Version = "1.0"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\ProgID\ = "QMContextScan.QMContextScanMenu.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QMContextScan64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib\Version = "1.0"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qmbfile\DefaultIcon	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}\1.0\0\win32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QMContextUninstall64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qmgcfiles\DefaultIcon\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QMGCShellExt64.dll,1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu\CurVer\ = "QMContextScan.QMContextScanMenu.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}\1.0\HELPDIR\	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\QMContextUninstall.DLL	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCMgrRepairIEExtensions\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QQPCMgr.exe\"%1 "	QQPCMgr_Setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\qmgcfiles\ShellEx\IconHandler	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.qbox\ = "QQPCMgr.qbox"	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qmgcfiles	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\QMContextUninstall64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu.1\ = "QMContextScanMenu Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu\CurVer\ = "QMContextScan.QMContextScanMenu.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu\ = "QMContextUninstallMenu Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\DownloadProxy.EXE	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\VersionIndependentProgID\ = "QQPCMgr.GarbageCleaner"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\ = "PSFactoryBuffer"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}	tencentdl.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qmgcfiles\Shell	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\ProgID\ = "DownloadProxy.Downloader.1"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\VersionIndependentProgID\ = "DownloadProxy.Downloader"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ = "_IDownloaderEvents"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu.1\CLSID\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QMContextScan\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\TypeLib	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.qmb\ = "qmbfile"	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\TypeLib	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQPCMgr.qbox\DefaultIcon\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.3.17201.218\\image\\qbox.ico,0"	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\TypeLib\ = "{593BE60A-1C6A-44F9-946D-A5EAB2D53511}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu\CLSID\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}\1.0	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

QQPCMgr_Setup.exeQMCheckNetwork.exeQMSuperScan.exe

pid	process
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
2948	QQPCMgr_Setup.exe
3724	QMCheckNetwork.exe
3724	QMCheckNetwork.exe
3724	QMCheckNetwork.exe
3724	QMCheckNetwork.exe
544	QMSuperScan.exe
544	QMSuperScan.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

656

pid	process
656

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

QQPCMgr_Setup.exeQQPCRTP.exeQMSuperScan.exe

description	pid	process
Token: SeDebugPrivilege	2948	QQPCMgr_Setup.exe
Token: SeBackupPrivilege	4864	QQPCRTP.exe
Token: SeRestorePrivilege	4864	QQPCRTP.exe
Token: SeDebugPrivilege	544	QMSuperScan.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6a6a8bcf2861af81a6a553d1be91c639_JaffaCakes118.exeQQPCMgr_Setup.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeTencentdl.exeQMSuperScan.exeQMCheckNetwork.exetencentdl.exe

description	pid	process	target process
PID 4748 wrote to memory of 2948	4748	6a6a8bcf2861af81a6a553d1be91c639_JaffaCakes118.exe	QQPCMgr_Setup.exe
PID 4748 wrote to memory of 2948	4748	6a6a8bcf2861af81a6a553d1be91c639_JaffaCakes118.exe	QQPCMgr_Setup.exe
PID 4748 wrote to memory of 2948	4748	6a6a8bcf2861af81a6a553d1be91c639_JaffaCakes118.exe	QQPCMgr_Setup.exe
PID 2948 wrote to memory of 2284	2948	QQPCMgr_Setup.exe	InstAsm.exe
PID 2948 wrote to memory of 2284	2948	QQPCMgr_Setup.exe	InstAsm.exe
PID 2948 wrote to memory of 2284	2948	QQPCMgr_Setup.exe	InstAsm.exe
PID 2948 wrote to memory of 4772	2948	QQPCMgr_Setup.exe	cacls.exe
PID 2948 wrote to memory of 4772	2948	QQPCMgr_Setup.exe	cacls.exe
PID 2948 wrote to memory of 4772	2948	QQPCMgr_Setup.exe	cacls.exe
PID 2948 wrote to memory of 5260	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5260	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5260	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 5260 wrote to memory of 5276	5260	regsvr32.exe	regsvr32.exe
PID 5260 wrote to memory of 5276	5260	regsvr32.exe	regsvr32.exe
PID 2948 wrote to memory of 5408	2948	QQPCMgr_Setup.exe	Netsh.exe
PID 2948 wrote to memory of 5408	2948	QQPCMgr_Setup.exe	Netsh.exe
PID 2948 wrote to memory of 5408	2948	QQPCMgr_Setup.exe	Netsh.exe
PID 2948 wrote to memory of 5512	2948	QQPCMgr_Setup.exe	PluginInstaller.exe
PID 2948 wrote to memory of 5512	2948	QQPCMgr_Setup.exe	PluginInstaller.exe
PID 2948 wrote to memory of 5512	2948	QQPCMgr_Setup.exe	PluginInstaller.exe
PID 2948 wrote to memory of 5636	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5636	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5636	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5644	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5644	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5644	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5656	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5656	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5656	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5664	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5664	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5664	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5672	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5672	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5672	2948	QQPCMgr_Setup.exe	regsvr32.exe
PID 2948 wrote to memory of 5688	2948	QQPCMgr_Setup.exe	Tencentdl.exe
PID 2948 wrote to memory of 5688	2948	QQPCMgr_Setup.exe	Tencentdl.exe
PID 2948 wrote to memory of 5688	2948	QQPCMgr_Setup.exe	Tencentdl.exe
PID 5656 wrote to memory of 5760	5656	regsvr32.exe	regsvr32.exe
PID 5656 wrote to memory of 5760	5656	regsvr32.exe	regsvr32.exe
PID 5644 wrote to memory of 5748	5644	regsvr32.exe	regsvr32.exe
PID 5644 wrote to memory of 5748	5644	regsvr32.exe	regsvr32.exe
PID 5672 wrote to memory of 5792	5672	regsvr32.exe	regsvr32.exe
PID 5672 wrote to memory of 5792	5672	regsvr32.exe	regsvr32.exe
PID 2948 wrote to memory of 4864	2948	QQPCMgr_Setup.exe	QQPCRTP.exe
PID 2948 wrote to memory of 4864	2948	QQPCMgr_Setup.exe	QQPCRTP.exe
PID 2948 wrote to memory of 4864	2948	QQPCMgr_Setup.exe	QQPCRTP.exe
PID 5688 wrote to memory of 5080	5688	Tencentdl.exe	tencentdl.exe
PID 5688 wrote to memory of 5080	5688	Tencentdl.exe	tencentdl.exe
PID 5688 wrote to memory of 5080	5688	Tencentdl.exe	tencentdl.exe
PID 2948 wrote to memory of 544	2948	QQPCMgr_Setup.exe	QMSuperScan.exe
PID 2948 wrote to memory of 544	2948	QQPCMgr_Setup.exe	QMSuperScan.exe
PID 2948 wrote to memory of 544	2948	QQPCMgr_Setup.exe	QMSuperScan.exe
PID 544 wrote to memory of 3724	544	QMSuperScan.exe	QMCheckNetwork.exe
PID 544 wrote to memory of 3724	544	QMSuperScan.exe	QMCheckNetwork.exe
PID 544 wrote to memory of 3724	544	QMSuperScan.exe	QMCheckNetwork.exe
PID 3724 wrote to memory of 1772	3724	QMCheckNetwork.exe	QMCheckNetwork.exe
PID 3724 wrote to memory of 1772	3724	QMCheckNetwork.exe	QMCheckNetwork.exe
PID 3724 wrote to memory of 1772	3724	QMCheckNetwork.exe	QMCheckNetwork.exe
PID 5080 wrote to memory of 1348	5080	tencentdl.exe	netsh.exe
PID 5080 wrote to memory of 1348	5080	tencentdl.exe	netsh.exe
PID 5080 wrote to memory of 1348	5080	tencentdl.exe	netsh.exe
PID 5080 wrote to memory of 1420	5080	tencentdl.exe	netsh.exe
PID 5080 wrote to memory of 1420	5080	tencentdl.exe	netsh.exe

C:\Users\Admin\AppData\Local\Temp\6a6a8bcf2861af81a6a553d1be91c639_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6a6a8bcf2861af81a6a553d1be91c639_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4748

C:\Users\Admin\AppData\Local\Temp\QQPCMgr_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\QQPCMgr_Setup.exe" /S ##supply=45137&qqpcmgr=0&recommand=3&DefaultIE="http://www.duba.com/?un_449343_3342"
2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2948

C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\TestMSVCR.exe
"C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\TestMSVCR.exe" (null)
3⤵
- Executes dropped EXE
PID:228

C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\TestMSVCR_64.exe
"C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\TestMSVCR_64.exe" (null)
3⤵
- Executes dropped EXE
PID:4364

C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\InstAsm.exe
"C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\InstAsm.exe" "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107" "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\TestMSVCR.exe"
3⤵
- Executes dropped EXE
PID:2284

C:\Windows\SysWOW64\cacls.exe
"cacls" "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218" /t /e /c /g SYSTEM:f
3⤵
PID:4772

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s /i "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\\QMGCShellExt64.dll"
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:5260

C:\Windows\system32\regsvr32.exe
/s /i "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\\QMGCShellExt64.dll"
4⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:5276

C:\Windows\SysWOW64\Netsh.exe
"C:\Windows\system32\Netsh.exe" exec "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\firewallLog.txt"
3⤵
PID:5408

C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\PluginInstaller.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\PluginInstaller.exe" /install
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5512

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\npQMExtensionsIE.dll"
3⤵
- Loads dropped DLL
PID:5636

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSWebMon64.dat"
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:5644

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSWebMon64.dat"
4⤵
- Loads dropped DLL
PID:5748

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMContextScan64.dll"
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:5656

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMContextScan64.dll"
4⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies registry class
PID:5760

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMContextScan.dll"
3⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Modifies registry class
PID:5664

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMContextUninstall64.dll"
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:5672

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMContextUninstall64.dll"
4⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies registry class
PID:5792

C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\Tencentdl.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\Tencentdl.exe" /install
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:5688

C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
"C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" /RegServer
4⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5080

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="腾讯产品下载组件" dir=in program="C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" description="C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" action=allow
5⤵
- Modifies Windows Firewall
PID:1348

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="腾讯产品下载组件Crash上报" dir=in program="C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe" description="C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe" action=allow
5⤵
- Modifies Windows Firewall
PID:1420

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\program files (x86)\common files\tencent\qqdownload\130\DownloadProxyPS.dll"
5⤵
PID:2656

C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe" -i
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4864

C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMSuperScan.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\\QMSuperScan.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:544

C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMCheckNetwork.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMCheckNetwork.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3724

C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMCheckNetwork.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMCheckNetwork.exe" /AllChain
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1772

C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\TestMSVCR.exe
"C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\TestMSVCR.exe" (null)
3⤵
- Executes dropped EXE
PID:4388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\BugReportRule.dat
Filesize
3KB

MD5
bbbcaa49c13a4aab5cc7d802693e8606

SHA1
ca97aacff9ff8c5cd41ce4a4d17884654b5d15e1

SHA256
02242c5d2ed699eccc62987d24256eeba09b3ca3f58d9d97b4987641345ce1a1

SHA512
d9426b3ff121e4126b5ed4575dba617ad4ef243a5b9e0e2a4c9c3929f96d3f0b91fa8fb5556be55aabcb5a04d11a228bb70a507c05f8ec35538c41d744925874

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\ClinicData\pic\Both_Disconnected.png
Filesize
31KB

MD5
00ef699da2be626beb8957d69783cf45

SHA1
a381db99b4c39b6af39e39820adab2d38cb5ac18

SHA256
1efc1cdd056be89f2f37253f3845c99708fb6e60ab243179390996915c4be02b

SHA512
8ce2d3be5e9a00b5372c2640ebe3fc8dba492437964a5961b904cb978cea1284a9684d0ac2868e2052d677051023093332a09c9a675b0916b3468ee78929048d

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\ClinicData\pic\Check_Router.png
Filesize
6KB

MD5
aa19bfbfedc591a531e1e6bd775f296b

SHA1
a93012d5ed23695c0c2701a4e7ceb430b55f741b

SHA256
fecd26a1fd8bca2f88a758c0df90bf8cb6d9476b61a89806ffb06399037eb502

SHA512
2223a33209c040fd96b13f7bce314116b410864dfa9f9a119271f01de4460c4f18935c6e6ae0cba78bf4399b7b926b8636796b52630122513244c73420bc0497

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\ClinicData\pic\Check_Wireless.png
Filesize
9KB

MD5
752f6ed337ee1f8e8c944400757fa52f

SHA1
9237b59a2d0c9dc2ed06bb61e444ff5dae1027ba

SHA256
433c2f423344f967de20e933cc9134ad7b2fa3e669d144b620500946960b3ec1

SHA512
2945980632b15e3dbcc49b5c7342f81397f97e9862a841e21fb027d297c448ae70b7c36475fecc8de9ff6f698071d006cdcad98d5f6cd9de01d84f236641af02

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\FZLTCXHJW.TTF
Filesize
1.7MB

MD5
a58a499bddbda398e1275972e56b06f6

SHA1
24dfab81236612d596c97eb38b3adf5de99f669c

SHA256
7094b0c994e073c8d01cdbbd1e574bf7d02430bb8848758ff467a0ce415f6d49

SHA512
e0fc0fe3a5c47be219ca84c74cfa018cf022a1774a988aff19a34490334a6e776e3557ec8e1341a637a18d1312d669b21bc2d320d5d1c80563de407e5c7ba1fb

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\FileMon\x64\TFsFltX64.sys
Filesize
85KB

MD5
f77bd38f95c563ecdf64217ab53d6430

SHA1
807758af9ab995f5f815a509d4d1a40e32f02a3e

SHA256
038b499bfa3d4b72900631e27b53a4593970a5801d62e7a4be226337c1641e0e

SHA512
45d55d274171cea8711ebfbf61c7739967cf48356354f9a42be344dd626b0d0502e0dedd0e491184d8ed114c234c8beee2feb50073e84d80e13c194e2587b566

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\GFCustom.dll
Filesize
550KB

MD5
0481a136599f5367909e0eeaa1301435

SHA1
7caec2f0b0cbb7c74fc2c67e194dc01dcbf563e5

SHA256
e1e9d5fc2e393776744f15da70cd755215f84cb9c589cf5d756f9feadae0ca69

SHA512
816734524182ea14bf0c66cd78ac8a9c431bc92fc9a9941b6b2b5de00a185c414a302616d12fb17d77f0032b5ae644aa7899477d5bda2a7c36721298596b2f19

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\GameSpeedupAppPlugins\QMHardwareDetectPlugin\Config\GameLogo\defaultlogo.png
Filesize
1KB

MD5
92c94435540af76b9f12390398aa5953

SHA1
af824afb3914b3e9cecafadabc244e2ac21f3cef

SHA256
13cf618aed9fea804841025558f79adde633f6d9a2f367df4f41a79e30499330

SHA512
4f28167484420add4c4150aefb652d44cbc271ef1b742bb074c2c89492a47f6d6271ee0242ad5dca134300dd9c0594fd5bdca78ad38d3bea6be6bfb03725a72e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\Image\net_err.jpg
Filesize
14KB

MD5
d916dd725680e4071ce10651f512ed6b

SHA1
4226398478a0e221b8d880feef9264c796729af8

SHA256
64000b4e116faddba565537ba741088ecce2133d0ea1130b6be200ceb96ae0db

SHA512
19bebb6ee83508ec58fad6446556df22663a92588092dbef200d699472513fb707a4dd45261b7699269172280149c1553b6cb2adf6d0b9a4b4b06025b78692a6

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\Image\point.png
Filesize
3KB

MD5
d1a50b8e94c6a1e05e7f56f5f8536667

SHA1
5f2d15204b4e69fb450e7b6eb3ff56d885de5c12

SHA256
6fad8542ce67198cab418e56eb2523e2a9937852dd557afb7ce0c77656e892b3

SHA512
512eeb1b6538fa8501184bdd4d30b8668199e90b12403f8deca9592aedc4d1193f6a940548429002508f8e10914b14a249de0feebc3aa4cf8540c736187db01d

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMCommon.dll
Filesize
698KB

MD5
697e5c4bc7b338810abce015d7fda972

SHA1
7cececcff25b58c8f275ddc60b8482a8cc1b2ea8

SHA256
9b0de00b4b8578660d7d3a42ec8366245a01151cd0b97da537bc7508a375b9b5

SHA512
47116f52c620a3eaeb6d02039d0b4c2be7ba882e0296fdfdedca9b66c59a1e4549ef1bca0de81e1fa77e14db8536d89e3b7e83e22f614297f01e90dea6fe3f8c

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMNetworkMgr.ini
Filesize
66B

MD5
41eb17baad605779b76011ead23c8bfa

SHA1
d5ad3e1d7b4c90ec49e369252f2e5ffc148bf779

SHA256
b64f2c165c2c9b80dbe8de35a411f460afeb420256f03c2252dc6f733117cd8e

SHA512
e32f9d501ae12494959f77c04a5a320a577fd98fa8a0a6de0de44758940b039258a1d78602376fda2057213f61f1b5518a9de2e57215ec06baeaee51f2cbf55a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMRealTimeSpeedupSkinCenter.zip
Filesize
84KB

MD5
e291240e396630d91d8c7929df800c5d

SHA1
5178690279e506116ea74af7158520f5b49027f5

SHA256
97c71b118eb9e00c8737cc33ad4bcf5abc396cc1c40ca3a6c2b819dacda89a22

SHA512
d544531e0ece2e978f6e6723aef3ebe1168188abcd65669ee794569a7b2b4cad10752771f13bba41b241f24b836ed625b4516dbb4d4cbbf5941781db738419c4

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\QQPCMgrUpdate.dat
Filesize
656B

MD5
8a5f11febf388fcbd704e249e674b866

SHA1
a187c49c32f64f2845101607552414ff6f1a762c

SHA256
b4375b5bc436df4dc67fb5d6bc99a328c56ffee063fe71afdb25d296a397f27b

SHA512
5b249c17f61f1b14a8c8d110dd855a484fa6ff006d4ab5321cb95810b534ee95eefaf690ddd853e6a9c2d1f76c0afb0d30eb82581f2f198bc2ec699087ed81a1

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\QQPCMgrUpdate.rdb
Filesize
359KB

MD5
05d9f356ab51230f4042b7ab0fbd0794

SHA1
8df7d04d01ba5ac5d801c9312d91d3dc9949aed0

SHA256
3c798dd79db080642790e026fe44f1eddcf5a98f44ccba3607d11e65517e6776

SHA512
c8dfe28cff69b156a0d9e97604b12e5a5c55f205af27030dce6964f61a4199ae67b314da7cfb1c78ef3b73cefcba6f0019bab02c86a6b8eeb38734dc4fbc8024

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\QQPCUpdate.exe
Filesize
546KB

MD5
f303b5eaa6c944095a4c0cd7881a4145

SHA1
527c13dc80f32fdd768ba7142ddff0bc1f1e3f47

SHA256
b57b9a8b40a55c899f92824393d46fc8be97c7a287ea5732a6365a30aa83a608

SHA512
c923dad6fe03a91dc59d046d39c180da2f1ac3ee384d15fc9eb9a19d09035d916012af42a814786e484af7ce148bfa573227e265e1dd364d6925f44a76388dc8

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\tinyxml.dll
Filesize
98KB

MD5
989f284c2c9c9e0eecc2486fd35cac69

SHA1
708cfabb8f2eafe20ac7b92a0e44395fe7ee2b70

SHA256
33e5c8b4769434f25c0bcbc900aa8bf67dd31fb1c91beefe2fb5b30e9493b1f3

SHA512
39b31ed295cdb82d7f4ec2c63e35d6eaf36afe38bfad42a12fd13a2eb984b44526d6e1eb3de0e40c163284bbc584b2aacb133452da13d6ef8110fcff7f09d55e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\xGraphic32.dll
Filesize
90KB

MD5
8ccb026c3939c1e003df4dab099b7169

SHA1
fc30e8d5ebb4c36e1e5ec00b3ff7e1c6f0bf3890

SHA256
a0ddc1d5a04ce902b3f51da9a776a852a8bf1493afbb8363da85eb5f9a633208

SHA512
13a87b34eafb1237c3e3b76a2dcb6f02b79a15ce625a3fe4e1a881eefc3697d149258208c044b15d0936ca0750802105a2da64a0a177459f3f7161fff13c811c

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\xImage.dll
Filesize
190KB

MD5
80f265806d0e0e89d6e4d32f8d612ea5

SHA1
d1ebf930391713a88527114e57c551724a370886

SHA256
3336b50f83930cd4b35a53358f0460678fd25e416d91ca5d885ff8de150198cd

SHA512
1fa5cd21e468085da65bd1867c87bc46f8666aa819e2bf8b594979fecacca7b3248abaa5030ea576dcef4897c17169989dbe71470d7f244508c534ec1edd9514

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUpdate\zlib.dll
Filesize
86KB

MD5
bd6c48ba68daeb86833aa6b850541f2c

SHA1
092aef7aadce020ed99523f043436c9b4e1f088a

SHA256
7edcb2f6e382e9f38e061be8fe3d6e60e9a750c3baf29791adf900b5d396d363

SHA512
6eee47c41b670637e33a82cad3baef197e462561d6b1d94467875199683e24a9b7cbbef72c06b37b9a8b04fda03025b3f15bb296b1fb6be0dc6159124fd9f76e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCCommonMgr.rdb
Filesize
2.1MB

MD5
87b27864228a7a266c96cb43490c0824

SHA1
7d7fab21b649ec4e7679b60733f1c3234704716c

SHA256
85aed0f9b0ea5c41126e2acbe28bfc8530baba2ccf6d33d2f0e30188b9452a72

SHA512
0e09c74f8375943156ca706cdf1144e28a32225056624b835c88c942221623d36010c5e5525f64fe3c6726b2727149c6708e1f356a07eec5aa4cee27379158dd

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCSoftMgr.exe
Filesize
1.6MB

MD5
0c4b8d51933a22009282b47e38df745b

SHA1
d364d5cda17ec811793da889114f780ebeb711fc

SHA256
3ba4892ceaa422559c1b03e29e5712b84083b22cdad4c1164fb929c6b4a62a3b

SHA512
751d0cdb6de86ac3118119ec5faf7a63e5926c6dd426917a20c8ea74a942a9e1d6ccb3c5f19567c09f83c02dcef1784ea25f914d01a64f8948178cc3f36c1a7c

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe
Filesize
346KB

MD5
f14424c5f462f9560a87a6aa4df2089e

SHA1
6af6238b7f7e48dfc99091479fcf33af5feecc24

SHA256
d9b0eaad0bdd52fc644857b63067fe84c8c0f243d4fe6e9bdef6573697a4789e

SHA512
4c510ca6d7da7068339639a8df570e192ed2ae204386092e59f908712a4d66bfd6dfd3260c87497a890bb93852b7803c50e970de92b35c0485b218d7c489a720

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\Tencentdl.exe
Filesize
1.0MB

MD5
16e27465fc02e6974704fd2187e92144

SHA1
010a8f7ddb6d6b3263cb710d9f80e481db54be51

SHA256
7d33f460ff3c391a35402c3eb850f07996b1d94019b3d4505444ffab26bccda2

SHA512
b70e96aa3c185fbbdad56ffdd9bf9b6d5fdb1fa34bcde197085940adc453b9c4d7784dd37e9e1b137caf9d93dbdf8e379c20d3624aa961838f58ff8f1838ce1d

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\bugreport.exe
Filesize
714KB

MD5
f9e9b340f036551e7f1968c0501d3364

SHA1
e3471fef3deb049366da2714769f46ac17bfe2b8

SHA256
3efcd25b38b640fc43633ab6e40342718a8c757dc2382537b58a719300432817

SHA512
e96bb429c48efe3baff1dac0fe72aeb683f0a4eb066217aed976c9d8c1a8d4275212798ac2cc770f52482d85356ab8c1ff7272e5e41c27feb0ec432c993befa7

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\dlcore.dll
Filesize
2.1MB

MD5
1123cc85ff12a2a9c44395e5362220cf

SHA1
6e886d10ee0ffaf118e13065283ddb7408099407

SHA256
544b58015ab218dfe4fbf1cbbea7fe9173f023edb254d4a9932a0656237e2a56

SHA512
8693d4fd1f2a83322f262af5a094c6bca57df734514106ddf1c2613f772c2aa2de16ca90a4aa275723cd336163634abecd85742883652c5f3f94d8bb58211d86

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\extract.dll
Filesize
361KB

MD5
e28497e0e9266ce04271815fac080f12

SHA1
9757f0b40b89201e16aae09339530d75d6f51cef

SHA256
81f92b3e0b9687b2258f521eb2ab25d65516494ae7cb08b4bc5bc290f2a2e0cc

SHA512
d46f60f2bbc3b811cd0bf2de199dca6f5a14a742614f093938ec6ffd7adbac5b3997d4e6e1062485842142a2f614dc4ada7170bbda84706a07fb86786d30c529

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\AddMore.png
Filesize
172B

MD5
020e693e12d5857dab9522c9822f9ac8

SHA1
25f02fe9626ca6064fba8f53471c8eeb685ed64d

SHA256
2a1d08aa13d300f9bc40c0e2de79a6f474700c3223a7dacc05fe051810fec665

SHA512
aa9c9892b2a73481d6162868a39b307b592a0d10cb683527ff25a08cd69b1f2e592879f536c4f893647fed69e6454ad6aa1389b4a11986cd9d505b341f8ffc53

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\AppMarketPlugin.png
Filesize
1KB

MD5
f6a6f22f5f5328887f6f0c91c8b9896c

SHA1
c1cb75597fc72a4970a5a6e5198646b615605518

SHA256
10fa93e981dcaee45f4f689f9984a91996d606488882965f5d33d08986950c4f

SHA512
91b5ec0e31720b69522e5613c51b6a91da05c859f9ac9b069e81c26028f4952ffc7f651b45de46c726bad74e116cca512386ea02eb4aa378e70418e44b36ba5f

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\DownloaderMgrUI.png
Filesize
537B

MD5
71b7eca7aadc0a7a85040d6b14a74784

SHA1
423152c2b01c8bf7aaef426af09eb5175254585f

SHA256
58c2e8a5009b04e213e0537861108bce13772acd0917bf8c70cc33660343c7d5

SHA512
8eb1b47bd98787274cafef4dec5bd3cba9c9fd9e4a9d6a0d3e77db36d7c7771e345aaa01ff9d0946b21b58513de689d89c36200a6a2bc4ed7583b148b4a4f0bf

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\FileSmash.png
Filesize
315B

MD5
85e5659f6932261f6b130068441f6cb7

SHA1
ad9905f11ee26115c57dacf5397a6d7ec0930063

SHA256
c1b0466b806e64b22d0a1d370aecc0323f9c0281071130e43507473aba6428a3

SHA512
379d674be041f4c4fb7c30b2c44746b5229277edb031e343a0cacefa8d0775c2e7cc944a59e69c81b7b1abd853ebf532ec1747757305faf9ed66cb4a03610b77

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\GameBoxPlugin.png
Filesize
1KB

MD5
fe0072573ce7a53bf0ac07327675824a

SHA1
969fbaa6a44d99a365cc8fd8fcdc762f26598c68

SHA256
3e110ee89cc1059bf04d20f3ed468c763659e296c9dae9d22c583afbf65aee6e

SHA512
699792124da24cd1066f7a8aa8500e8844ac7c9f53888ab4a881fcf86bf60d3d7d8f062e59f3160774d2313eebb9c11e18710ac67b69b4520d570134e1a9c6f0

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\HWPlugin.png
Filesize
404B

MD5
328b96b5a3d6a62e36017198d22f381c

SHA1
2b45c53aaf837b822b0806c4dc8de0d517d09201

SHA256
2559175d3316801d5e2caf8ea6de7d14afe47502ddd281da6bac486da2e5b43b

SHA512
a097ea6ee30b325fb2ccfaf07d036422fe7306b125c59eed5add7b2a437dd2667cf1645771985b9b6afe4652b7a4cb7d1d7fbcaed783135926de199fb88af5c2

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\IEStartPage.png
Filesize
302B

MD5
a14544aed56b9cf997804739ba5a1f83

SHA1
2cfe804d28fee5017e7a6646705434dee64a1838

SHA256
4b70ae82ec7ac07cbfe128974a94d5fba19c630357596672f150e7f610570bd1

SHA512
c8676f7dd0d94be885f008b42fe1ae75369ba30959a9be0a82ad8c5ea7e87fc3a46cf9b417f916dbd9f67a5fa6979d2c7524a8fd487a81988f8d1a6c63996ae0

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\KingRoot.png
Filesize
1005B

MD5
6401f07be535a6502ff2ef741dbf02ac

SHA1
cd0b5268d5140a0b5f7a093e0241da570a53b0ed

SHA256
b90186365adaea367367cd41dec45f856a91ba791471941ea93c5b0dcfdf52f6

SHA512
057b7d5b001bd4f83e5ae56d55bc8be882df9137fb2d30361fec7f6057e93e339920d224e452993e3216b5ae4a30244f218c67dc4c09a4a717d663ed439258ed

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\MenuManager.png
Filesize
605B

MD5
93c9545b9b8ead195a535c97dc35468c

SHA1
719ebfb20504e6d92afabecee6d575378aab6c00

SHA256
7d9f41e869f0f3d0fd6dfc3ca1f42ef164cc731fcf4087e50f0a19f9ad63c6ae

SHA512
da44f18a1fa41c98311a977c3c1f352a59426736dc0bf7fd13898b45e279aadfea96cae5fe7a7f5ea43fb0444dfff124bf1664397f104525f3dd264a9879d5cb

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\More.png
Filesize
448B

MD5
80fe569694d11141afdd0cceafe0a188

SHA1
81030454b767f176cd7b1ba70650d17aea7ae147

SHA256
ec518469a3a18d94fe556b0e0d93037bd9062778fbb774ab155c367f5d413c78

SHA512
edadb70fc700f269600828cc01b3b9de4a71fc06d73b153aafec8ee89ce41f860cbc1e454cd250e1b9872a53ae3c71b9647da303b051fede139e6a4351eea5e8

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\NetMon.png
Filesize
681B

MD5
fc82b79031fdecd8e2cbc689df920673

SHA1
30f830f438d15f8122fda05bba6dcc89911846e3

SHA256
43c4606b605276f0a1bba40858c4c7473d964e54bc5fd602bfa5fb5343f8b562

SHA512
403a9be5bf72300345de0695a2185590b99368e1334719c0b2d9468b1b90ba25ed024892d6d886ba2fc738526b9e06c0b4a6fac6d2440e790d3b34e8c68c5ae1

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\PhotoCraftPlugin.png
Filesize
1KB

MD5
9a0b187246bdb36ffe60123d06d6576d

SHA1
f4425cff74e28132dffc007969631a20ec3ffc03

SHA256
60e6d8e0ca1acb91d1bc6f5ad868060474c07622a32c8e0147f1130dc4e9e43b

SHA512
1f6a0c2061dab89c2089807b4369ae7dee5390a7b4d827c57f7ca350f502ea11d2f24cf7e296a87caeb8c94deb79aaa8453f21da5176dc76b3259b17ce1a067c

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QMAdBlock.png
Filesize
565B

MD5
b3381cbd1137afdc1f43c44faad27806

SHA1
ae3942cf0463e5f5a3cb03ded34d61f56a9fa8c9

SHA256
d3dd8a97968640f7ddfd03c5f66ff3c229a2d40972ab24460acaac0dfd37b760

SHA512
ead2e9680ed4ead09b0028ad631f480cf7a37e069faa5f944484ea28c94f42f31b7dff4221720843b640454476f1780cdee3b1d1c4efad49f4e18e7faf80899d

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QMAdFilter.png
Filesize
942B

MD5
e0f256230c7ef6e4daa5b3d4dc036c41

SHA1
75f4f8605c80c698447b903034ed6008917a7094

SHA256
a7084b2c1b57aa29bc583ecdf3f25e0f26d51c0f0d48349b3cacd52f673a3322

SHA512
9b6d39f2bd5b9ba81f470c9006973fe6a0e59ecd80eb479f4c05a3bc2b7e92f272d673897a00717dda7f57549d99c81b45c0e6049abadd47a74cb80e83315e41

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QMArpMgr.png
Filesize
789B

MD5
d047379030af94efb0679efd9bfd1c44

SHA1
f697f300d6f195762ac0e611bc1e25b48904b066

SHA256
2821efc48640b05e6f36e60abc581127aca8d8503309a6b3db87977f0f60953c

SHA512
7fad870465906be6810686c6cb6f6b36909110565931cd6b7f20704e9329d34fbeb2d79bcee34e0f69d55c78f6d7d32a4c13570df594a0ca2ff9119f38bc5b10

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QMDnsPlugin.png
Filesize
247B

MD5
def24dd2f58022eeb9ac4353d0d2dd47

SHA1
c3be92f10d6b0d6ef2a13d34d5c0a1d4d18013b2

SHA256
5afedd5f4e1ae045a3e9101364c40fd7a0233a45c20d4f80e1b5bdcc0671cb73

SHA512
53047ecc688fcf1bd9820bd31691f63bf39bab8330c321ca3bae38f34cc1506537c9e097d84e573ab4c4548820f247ab66608532b9185e5d9006b938ecdd6851

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QMGameSpeedup.png
Filesize
1KB

MD5
22012d7d57cfe7e137a3ce80115a0f3a

SHA1
67a12d1f745de5c3e40e68ac9e069c0ea7794ff9

SHA256
11ba72d24377b380ed46662b172a9e584a6f5bb4483830bbbd1b47018de08889

SHA512
40481471b65b51fa9b356b6d3d501ce883eb51072ffb0e58636c9bb4cad1fde5f061607ee23aaf3dfa90e4824f4fcda631e05953ea215900e976ea773c99bdfe

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QMHealthAssist.png
Filesize
803B

MD5
09f931400bb03f4e545951c77a991f5b

SHA1
619e732d205742d28a207a61a49b8ff3aa5dc198

SHA256
f0e4f691d30e7ef91b0986ec51d7b22fd24112f95de463a6717defe25089839d

SHA512
e6c5d3322565c33a76cfee971710f24e6984aa1014ecc713a9fca8bb97a6ecdea52e9d9a7a48fbe95ac714a0055b3e162918eba97cb07e35806a5462c10fc7ec

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QMNetConnect.png
Filesize
912B

MD5
89621f31b719cff4ee4359e31fb78117

SHA1
28469715faf9de031dbd2266f58d579d26818ac3

SHA256
4199cda5e9192d9531bdce55af84933f5302eefeed9b4635aaf4972a3a6f5981

SHA512
06bfc812d3e2b58ac546f0a1bbd88383c78d23b1353954b4b28d8e0bda5f6062033b3c28503c38a255a68ee67abec3da1a340f5d58fd5f0f510b6092efc74607

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QMNetMobileFlux.png
Filesize
734B

MD5
1c15f447e7b968e29c74aa724dda22a6

SHA1
520ba5c33ce3d93b24560074de998dc00d8dc72b

SHA256
33d07daf29f8fd638d954a7b66c04c9bf168b30688043f5fd2a962abc4637fc2

SHA512
2dd2b97f3daae319d33911f166af68e1efb44d6cdd36baea0be369b384449e8bc6ddfe0ee664652f44614cfb7f19546a5dcd4c157c83a918c708eb75d3df40bf

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QMNetSpeedTest.png
Filesize
894B

MD5
a2c598c38745e9f40b60fd486adafddc

SHA1
14a358c0fd3f7646f4d44846ee197086e9455a01

SHA256
00546cd54bdb484287daa1c839e237c66cb4c3b886d26f0ffb224777ab175cd7

SHA512
0a47ef719d29f8a0ef6717fa6093ecf258eb9b055105127bbd1d83f1ee053f32c328dab56ba1366a7b598a6de4e1be4ab2bcea70c5b0580ca9db20ff77563e84

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QMNetflowOpti.png
Filesize
734B

MD5
65ed5aa2c1fc3ecd85cce5ea24312ef9

SHA1
e1972cc6120fad1c6ce5f15d1bcef44c6d6b73da

SHA256
a57882c398166ada89bca210115b76f711d0be2ea4c844a0c602433dcc81eb91

SHA512
b54b1d083b5045ec17c1c147a1ceb4c0a3229c94fceb9261bf12a9afd28efcc4c8dc29bceff4fd7f6647d1e927440763649139c665a083699d62cb0187b1bcc9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QMRouterPlugin.png
Filesize
1KB

MD5
fa58decff050f8d8bdfebd3c447685de

SHA1
60498e281d197c9ae21e61c89fb7c00b376e9fc8

SHA256
ea859c6e85e83f4b8c2f442d911015fc1945637c089a44aef0342b508516cb15

SHA512
a45d55d3b7c010ccf530a26b46b380f5c0dc8fe0a0f0ee6470c1b1ae5d4aac556474ecb1bdace58011d383739e83d27fb0a7b0f1140b941cbb7153e52fd6077a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QMSysSlim.png
Filesize
1KB

MD5
bf934f590b858c4d1a1509df5f051ad8

SHA1
36c1376247da96eecfc0c66cd4b94ce2d92f8b9e

SHA256
9c89ddc60d5aa0be508ddb18c3a7f2040acd0be25184a2f5ff355cb9f04e1df5

SHA512
cf257c96001678c3302f707e25397898ff35f0eb17839a882e6d88c5015190d2bca79d8a4c155a72532f3fa5d3dd04e8c0155702291f4268445e8acdce26242e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QQPCB1AndroidJmp.png
Filesize
789B

MD5
df8871c5c0e1fd627aea043529a47c0a

SHA1
ade6a15bf6af67bcbfc3b899c5895320cc9de2c4

SHA256
6ba789ea1c5250eef5176464e1138fcb53e29c92e226a4162c063691aea7fe81

SHA512
7ce510f1910da47c6784696aaec7b7e00a1a4c699c2c9992e4cca5325c2a3302ee048dfe19369e1ae54f885c0d298c0e7a0075fb3be5da82a74d950722ba6138

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QQPCB2AndroidJmp.png
Filesize
208B

MD5
54709f454a9f8d58351a81ed0e4ee0ba

SHA1
6758d520af476b607e7aaa0245d3d85015bbf72a

SHA256
d3f892b89e5e9967d8cb7bcce0a737c5a38a44b5b7970558e26261d0f7d3687e

SHA512
23ffa95a0eb0ed441cb6f981d6324e82f73f6d7d63261ed4180522487d93bf7f7df671bdfa8d55523d54b9f18e8ee4368c8a4f3a7e02708e75a306d350975515

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QQPCClinic.png
Filesize
930B

MD5
0a3cdff5ff5f1c02f5a6fb8d6006b69c

SHA1
624949cf9c893b7813e3ceedbe28a253d319f7de

SHA256
c46352088d9f427887f7b67cfca5bc4aba0f920f4e6aa334daa1059043d30d1c

SHA512
e477db5ec930a7200b13d88fe9229fe0e662ccd59f596bbf7c934fac8e92326883e436f68afc70f0ddecc81b8acb25dc43e2f4dbe760b5613dbbbd372f258ae1

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QQPCClinicNet.png
Filesize
946B

MD5
6ac9015bd0822b75bc4a83d27b725cfd

SHA1
896491af6de0952fdf1834ee4879f34c18088392

SHA256
597ca40a2c684828599a79bd6a83b4a4a0074e91759311b197e2be513b8b4f01

SHA512
b3014f9e1dbfa7c47a62c539a81abd5316c37a1bb7bb678df52dc2a489b080f34d301599d54d5d9080dc6402b997d61f5ed9ffdbe3fa332ac767c98218683c57

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QQPCClinicNetRepair.png
Filesize
721B

MD5
89aa12879fa512a591c198f570f3a687

SHA1
added42db9d114c4596c393701b6f0b78f6e4bc4

SHA256
dcfd053f6037b14846879577c9c7eff54ada0bd82b701625fe3f152994e1af22

SHA512
f3d7d240343c04661682a8088177a3cd9950924b26515ec6ad9eb5decaceb6b06256bd36290b3e36fe2a6ee05caec88fdca8799c59ac451f310ee70cee22f7ab

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QQPCClinicSys.png
Filesize
993B

MD5
65f17afd20c9fced008536a51e2ab0b2

SHA1
b60745a3a744c05cddf85e393c1a8fb8dcdff25b

SHA256
362cd34753b9e29a98d11d92906764a21c1c52be3d7ceaced86b6fd8f863adf9

SHA512
15e2def0011b7dca58026c4d48c6a66a7cccf4936797a418562eb1b17526d40a04c4b22521189c6b40072e06d26bc4b71bd61c814bc06978b14f6162ea841fdb

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QQPCLeakScan.png
Filesize
1KB

MD5
81604a78d5888508f63fea205b635363

SHA1
5c2c002d2103d475d8fccc2dfc7d7fdd2ae8ee39

SHA256
92685c58a213fa52ca26942e10193c626a8b15c370f7b7847e96d97f05ff37c0

SHA512
6f9b38b34d4fd22c4081aaf9d45887a8340ba27a173b7d517897ce7e767580709f1d84c5e0a4160d9bf55db33d4586840a7c92d2a68283bc2e72d085bf95baff

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QQPCSoftMgr.png
Filesize
711B

MD5
a4c75a0d7d9fd0ce8b8286506222b0e7

SHA1
a34b5c5c5e281a62ae79a9691b2872b84fc66b2c

SHA256
fa3e54db15d5d9740a6427a482e3afcfda1ac91da9644a5a6013f50063daca03

SHA512
252b87850cb6a3c351887d496cb9b9c98ffa708db8fcb34576cca3cb60dc0c80f270daee825009b798b5f2642dc16f625d91a6df04863a7c570f022760cfc8be

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\QQPCWifiSafe.png
Filesize
1KB

MD5
3afe88fd6f6c622a9067fe633fa094eb

SHA1
af0d4b121a0b1e2b80b1993caafc118a10a1a084

SHA256
63bf1f88aa06ade9bf02204c484304a1e347e12f868ef37a2a258503da1d8be7

SHA512
eb9bed090df3760ff96885fb674775d74c7a26e1465cd6110877c9dc40817594e4b94962451abb5760064641ff6ba7802beee342e345b6d611cb7c07ca1eead2

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\RemoteAssistance.png
Filesize
686B

MD5
00e526e1e182bcde7300a5733f7d72c3

SHA1
5344c40c7b27a50fb15a6f3c5c9fdb243d9ec567

SHA256
05d7d7ea4a3bbff4d230a786bc92cfc08c156aec198b78c2272a5e42b2f64d5e

SHA512
0f5df82603412f1c0b8a7456a617effc72db1faf05a7ba27d689a6d80ac705bc5dcf1ec927b436b6ec82498e56fecb205809aec1e6d93bbcce5f75ee7a31fa46

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\SoftMove.png
Filesize
552B

MD5
4dd9a4190ce231fd03de1044473b1505

SHA1
d6cbc9f1d199351f784022b74eabfc534ae1611a

SHA256
63bd2883be22a23856fc97a0ce05b8b8b9020c242067ad81679d799a92c7ccf3

SHA512
6dd0bfdd031a0e44ca4fcd7b4721cd43cbec59fb4dddfad637325dd73cf2b276b3c4481675b21e904e80aae8045bfa3b3bbe819b2d10b7b601ad883482da20e3

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\SysGarbageJmp.png
Filesize
735B

MD5
7a3b3184d4b388dcc0ef52af86687f1e

SHA1
0b2f68fe940b8ea641dfeaa57592a589bc0fee01

SHA256
54fb1a75d994b686520a4e3015a6581dde91cb4a23af807b0b6cdb0c79d00a28

SHA512
181fd1dcaf292926db878e76f9f5ddd9862015f4c7841f15a8dd7e0e796bdbd1b79657088a908c84fb45a0f8828ef63ebdc4259c8da3969815e3b2d88991f6c6

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\SysMalwareJmp.png
Filesize
565B

MD5
ce7204a2df88157c184cd4b588f6db8b

SHA1
412853a4e2aa8ad7b63f9ebec0c1470f7d68c93c

SHA256
1207d986102b89404ac2e8ce965bb101b94190cd8da5b4c73faa47da21e55068

SHA512
5eeff1152ecfa508eca5c58a9fd184a00c33e7bf7b03d7bf6328fa6549728a50bac499dbe62e25cd3b769aaf253352949d4f9d914a18cfea56b6102720e97f38

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\SysOptimize.png
Filesize
591B

MD5
3f9a4c58c576a3230d9c83958d0da981

SHA1
f63d056ec80bc4761c4c271885f4d6d10a011738

SHA256
ad9410389fbc93914eb934f2a3c38325295762839c57b3e60435e0aeec6c0211

SHA512
e6e8576be956e338052d70022d85adf10fa1e5bee479b539fb639e52731fa19407ef5d702bc34686a0e54740a64fa68d320ba136e72c29bf287fc2822efe31ea

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\SysStartupMgrJmp.png
Filesize
1KB

MD5
0ca64388d08dc88d8e0d1f039c47d932

SHA1
2ef6af230f6b8be7ec3c48397f842e4d054a0825

SHA256
46cf89e61a237c21fabc454c2a94cc810119e6e0e11cd38fdb53579b9a17d607

SHA512
45c1bed6e31c87ec1ea201118147cb77616dff1bc5470c6f96e78e664f328542bb10fccb571a1c885608d3a2a6597260f0b45db2095beacaae69f91fee941c56

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\TencentNews.png
Filesize
1KB

MD5
d8cd2d178860ecd5062821644af08218

SHA1
72e18b9022b4b57c09f0bd634b22bd10628467f4

SHA256
d74776186b5ca11d1c259a127f1c9aafa727b1b9d70ff4059e40b9ab945d0969

SHA512
0e4810cb9be8a0e0b1e071d788f0714dd7761f2e0d8a147648ffe522e5f3a12f3f5a42930c67a0167da4ef4cd775907ab8e317ae78794918a2ea2ecaeadfab19

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\WechatBackup.png
Filesize
864B

MD5
7d008143b0fe253d7dd6e66212aa8c85

SHA1
458433d405f1042f018474665940a37fb31a3200

SHA256
1ed35da1ff9b18949de47a2b0f47537b1c1799ce6784c9925a1843787eb17c79

SHA512
c86c272bb88a99060785aaa241ef6d9e18f4a2bbcfda6779d65b9db24a9e079741c4f82635c07b8235af7ea21cc26dd0dc371c0cf7f492b65fa19906f271a1df

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\qmsxtboxplugin.png
Filesize
593B

MD5
edac56c071c4060631f026b183abb130

SHA1
43852052e8e48d4732ce0bbb35da7a8055df475e

SHA256
eba85c4c5524b639272828ec38428160de2b334c3e8af9688b757ed8a4d37468

SHA512
3ab06446b2e604c04fb17d8a54cf5d5c38be4e376ea5141e6c31457f6edeb782d6d0e1e7f5972302ac2b026e0a33d3cb7a6ab0a473c7897a9ab1a8945a05b45d

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\qqpclaunch.png
Filesize
1KB

MD5
aaeb43eba56f3287a790418708419dd4

SHA1
589c40d57cbd28289d5d64d74da73e71c03c724c

SHA256
def7270f57f401a1f536dcca0592bbea344f905b61e40c259a751f5ca74fe4f9

SHA512
f550a95e28552421bcb0a785d6a8ca3bd10482c7abefe7ef218e88d94293fd48b55a488b9bf7e910f4915ad5c7f65162e5c97e8f296c505eadb37eaed649149f

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\qqpcuninstalljump.png
Filesize
514B

MD5
daa913f733c8cc054bc1ec95a1edb7bd

SHA1
1092266ca2c4817342eeb2bc068063718095db47

SHA256
e93e8669529a0f7b7bd6ade71bd80661baab4f7c36f527d4a766b5d9bbdd254d

SHA512
7c3a903624fec43555f8de2c9ae566ecf72463af491a9a2eb57e77990cf7e125817066435f3c8b024e19fa6b23d7b6b0638303997ed35a2b80bdd8e87483a6f3

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\qqpcupgradejump.png
Filesize
483B

MD5
07f0717ea5099b1adeca053e05e28aa3

SHA1
e5aee8d10c4d352552e310baa491875f973b64ac

SHA256
493982f87fdb48c3b12558149c84f0ed5901e498792cdc6191fbf8124af4b7a2

SHA512
791904a9d15b5abc6eb6cf9489fcfbcdf4590203ceb5dbf80d946efcea8213516488fbc1be7802d370f02fb982441d181bd9042b1e4460a2e0d20b8b4aeed626

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\ClassicLogo\qqpcweiyundiskjmp.png
Filesize
1KB

MD5
a188a5f0cbc0e22376bff626652fc005

SHA1
03b8a6b263c7e204d73ccb7c5b46d066852d933c

SHA256
d816c70bd7f895580103a2286ed90b4a05759961da5e68ec2665374b13998715

SHA512
7673515eca8f5ac3eb7a2bd6e791a7f978a8b9033a3092a59a5a15f00a3de5b83df10b3885a1dc49f55058170218dc03cdaa2ee7117ff5fa101624b88e57dbdb

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\NewPlugin.png
Filesize
1KB

MD5
3b720cdb4657cffcd1b787515945760a

SHA1
6c1b085005294cae8eb757eb152fa645b46bb047

SHA256
5ceab4c92a6ea2988e5a3923c58b88226d6b3dca0bebc16ec7316fd2178f201e

SHA512
0dc816134d69610874fb1292454aa58322c38375b6e1783b1e4d84b1a391f051a18b5769b2f2f5cf8960a2f2da15589710508df96223eebe2e372fc8457bccca

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QQPCWifiSafe\Common.dll
Filesize
1.8MB

MD5
9f97986db2dc0b1984c5b86d6e6cb277

SHA1
d842f83b3f6c92bdff10d19307f165dae1034c03

SHA256
44536e1001edbf1b6060bcf76c0e1b7f52868396efcf41f61b3bb346c605f121

SHA512
4af63af15ac67e807d297c45adf65ae198e4a033e89fc6f35c0e4c43abcf57334a4266fa1aa13f4f6605dd2058a74f56e757369079ea11ce8cbca0800c8a313e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QQPCWifiSafe\GF.dll
Filesize
2.1MB

MD5
98537ed2b637ee9fe613d356d6a2315b

SHA1
0567a032d2824dec33ee306cd57ba88f55f06dd2

SHA256
52b303f8cd7cf5f958b4a726d6c15f19d26e15a067ec8fdd8924ce930f386bba

SHA512
cb14eb2aa509fa74857c5c8431b1333c92b2ad9c5a87edf747e281066c2073e09ba139e02d8596ab0f7114a58aa6a9bf12c40c0e018423f8c80d739d2f122c73

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QQPCWifiSafe\arkGraphic.dll
Filesize
334KB

MD5
6e67cc17373df5c4f0d4c911b8abd190

SHA1
cec68c7f6ff3830654e7adc7e168729e325a12be

SHA256
a0877adadf0609814676c01c0073687edc9fbb9a2dbef77599e8cf33cd3becca

SHA512
8d4da081e92aeeb39c0bdae5172eb0360ff14952670632d2226bab9cc1faeb60ce89c3326d5c2eac24fbcc5600c1b5a772850d16963898b219636e99da5965e9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QQPCWifiSafe\jgIOStub.dll
Filesize
13KB

MD5
81078ce3a928d63f9611a132e9deb6bd

SHA1
0181fb1340833cbe4f9a268b01239b28e01f80fb

SHA256
e5b9766a0ce2183d16120247ea40734c6e35d8c6a31dad3f00b541e9078d74b0

SHA512
8b5415adcb28bf7e19305cbe11aee65612abf78677f1d8166b7d605abcf842c9ed11b9ed3d81893c3c92f57e7986c30eedcdf32bc6fd4c3926627f164f499c3f

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QQPCWifiSafe\jgImage.dll
Filesize
44KB

MD5
46e22ea434f8181894233d29201c51f8

SHA1
2bdd24ec7d638363f522463b52f6ac8c17353ee1

SHA256
5552936556414a2210ca41a274518ec80fa4ec7b8940d5dcf26cc76a0708b146

SHA512
c37b145ef7d6c58e373706c76e097922f7092c48eb801a0e537868108157e28cf4472ac548a3fdb1f7485830b48acc4f8194d6622a4533889c3f5553350367da

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QQPCWifiSafe\libexpatw.dll
Filesize
134KB

MD5
015c6f01b16a55cb24bebcc3c8d94f1a

SHA1
de2df059b878bafece411e98c63fd4c02125ffd4

SHA256
bce56a73d43e5d83e618bdc45ac7be450d7d11f86672928213edcd48e25a13db

SHA512
40bdee40e517e81ae1e996863f4606e07c2838b3a74240da27693b2dca18866dd8ba12599c3c250bffbaf193156bf1052c1eccc6d182318c666fabf4987535e9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QQPCWifiSafe\libjpegturbo.dll
Filesize
278KB

MD5
d4a6b70e64e19884a80b8f0b205c1045

SHA1
14f821acb93ff13b9d6bcaa40316f9605d958589

SHA256
7cfb2c8456ebc2c0dceffca96a7f63ed2c293b99d4a115bb01590b87761c2b37

SHA512
42575802b48f16baa5024fe186c5b7c1f348888896dfcc8c88425b4cfad8428a354c10c782cd8498558a1084fc0800968aaf50da0c90dc2d276da6ccd8378f49

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QQPCWifiSafe\libpng.dll
Filesize
154KB

MD5
772bc1ecc5f7e5655145dd61e6ece349

SHA1
14553cb511d3cbd2056ddea7a1e019abad5f9b25

SHA256
092d9313e4456c0d36385dc1d76975e4c574e4806e01e7de340b6f6c651c0173

SHA512
be7a54c5f79ba0334ce16193a9c8744cc8f24438af5515677f30b3b2056913a962d4a6d1893000a92cef325f9c07ea6d1f3e51a9af520dbddf05b35557b8ecf9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\SoftUninstall\SoftUninstall.dll
Filesize
497KB

MD5
7c9265fd82336a13a80052d3b1210d24

SHA1
edfdd4fb958b986e8f0d6590bcaf2347c02013c3

SHA256
69f6b4162e87cfa7931007c14a66fc1dac977a2ab5a984aea9c13ed0267cf9fc

SHA512
a925eec484b0a9678cffebfee9bff056b21492b18af02a80e1d99272473eeef32c06675c4d44f96bd94664d2f556a5ebbfe456bb7521b11c6f5b0aba177f3133

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\adplugin\QMAdFilter(big).png
Filesize
5KB

MD5
33a350ed39ba86596329938654911c40

SHA1
bb8648916a4a0480fb000821bf3b0aa69f6e64b6

SHA256
8fdc4e0cda41cf07bb25b5da34094c9192a0654fe86e46fcd950991e29ee20ca

SHA512
1bc3e969e4969e44b48fd26efd279ec2714f2ed9dcf250049b924b1a21c10a48448a7820f40178dcc46dec9772644da5121457a11ff7d8f528ece3475ca5301a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\sqlite.dll
Filesize
470KB

MD5
856767957cde3156d05265c175468973

SHA1
798192e8883181638679abd66ae970aaf949317f

SHA256
7da90541af73e460ec815dfc2d20c9457d4ec6de6daf00bbc27274fed608ce72

SHA512
e50b79eb5b28fcac6ec144fa4e74ca60a5af950f7d6aad02b8136b2a72692b1c2b4e3425c3bcee1a8d0f9a00bb47807c3375a5b59cd81350142b17bf7cc4df50

Download Submit
C:\ProgramData\Tencent\QQPCMgr\QQPCMgrInstall_20240523090015.Log
Filesize
5KB

MD5
0ebf748e46936df292454f36e57f767e

SHA1
64b0215f355b170944a0f8b3c969de2c96de826a

SHA256
68c4342e61a75734ca95aa8931f1ec114fdc63e01b248d35ed58d8102092ebc4

SHA512
22ed5ed54cd594337d42351274a61385dbfd9d6a498103e135a8f189c3589c75aaa68eb9119d6213248541bea2cffe417fd2c987734b496ce149542438923df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\QQPCMgr_Setup.exe
Filesize
49.2MB

MD5
d9bd2c2ea09075d1647f0541385c5b65

SHA1
79e6e2f4e368db11e0b2371c907737cb618a6f73

SHA256
45eddf57fd9b7a4bad7758991fb19b01ec68dc3d4f003104b055688b8d84d669

SHA512
c2c3223eabdf28a9abcfccd72dd4465569c9345ac2899ebd4177bb1d87ea051943c8dc3f2e7a3a8eaf4a5ba8d26044ab061907d1c07611d14687e9d5d65a0f7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\InstAsm.exe
Filesize
100KB

MD5
2cf3201553b4eabb62a35143a808381f

SHA1
e70a8f68ae3b8761a2ae75ace72f97bde0b3aa81

SHA256
3de1b79a41e5deb6366ba9f13ff65e47697fddbf7f355995fdd45f50c3668249

SHA512
2665d0fc15620c2125e65d27664ed80936e8b281293f0726fb7c3ca4590462bc13c7c607d85e74f67c91bbd61868a1f30710b0469db3657d5aee99983751b059

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\PackageConf.dll
Filesize
286KB

MD5
cbe8afe380fff9c520ac6c1721dc47fc

SHA1
9e1cf0b7fa0f3fd65bcc9f838d3c23cc57ba3043

SHA256
672495fce05dd1864e2040f7f3ae6c1c942b7e583bb10552067fc2db9ec51c32

SHA512
b913d2e9e4dff8748c388743523c04814ad1e89e6972642a1b00034a840edb82225a9801acd0869ae41143b1aaac77d3d890466509b31fbe3aadf8291a75d114

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\TestMSVCR.exe
Filesize
16KB

MD5
4b847825788ec131032f106500638b92

SHA1
b5948921e9d3331eda2906cb664d32ab05564434

SHA256
3313c7606698e6721f65a8ec84e7e1f95859b39a7e2ca40463164788ab00565d

SHA512
e1390df49d8c101aa946ec01600ea7a55953ca950011e64c6343d672179ffbe5e1eff98fadc1b38464702e20c7c1e830eb928a1886dbd4ed4c95a57abbd29146

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\TestMSVCR_64.exe
Filesize
16KB

MD5
03d4d6e095bd4883ffdb1d2efdb113f5

SHA1
617a1eb4455389d29b4c4aa225d9ed36685d79a3

SHA256
b5c01124d80d96ceff8829f3623044151bb14e4111a8d241abe00dfbfd173601

SHA512
c4047c355da3cdfa6a359c7e4c0e170ab75ff53f6ea3dfd754b215991b9de158b8fc0c41b79a38a9591801ce4062a6af44ce8104e647c6a492fff75c4c4f0643

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e578107\dr.dll
Filesize
427KB

MD5
68a34245c650829c613e9068bdc6f79d

SHA1
f877ad637c2097915ba894fdccb1a596a52a726e

SHA256
c72cc19b9ee4546378d22483d5cbe612805be585658df9d28677174b19c2b3bf

SHA512
1c9181c1693f3fb4c3044f57f9113f1858cb709c56ea7beec1d41026c4a64070e221dcb61669fbdab63fc0669df24f4a126ea517a157a738b9a35d784cef9afe

Download Submit
memory/228-47-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/544-2396-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2948-39-0x0000000006890000-0x00000000068D8000-memory.dmp

Filesize
288KB

Download
memory/3724-2398-0x000000006F390000-0x000000006F3A0000-memory.dmp

Filesize
64KB

Download
memory/3724-2494-0x000000006F390000-0x000000006F3A0000-memory.dmp

Filesize
64KB

Download
memory/3724-2495-0x0000000076250000-0x00000000762B3000-memory.dmp

Filesize
396KB

Download
memory/4864-2369-0x0000000077AC0000-0x0000000077D41000-memory.dmp

Filesize
2.5MB

Download
memory/4864-2366-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download